Passcrow protocol: Forbid recovery *before* a certain date

It should be possible for a passcrow client to express that recovery is forbidden until a certain date has passed.

This can be used to prevent recovery attempts against software which is in active use; as long as the software regularly updates the "not before" date, recovery remains impossible (assuming uncompromised passcrow servers).