coreos: drop requirement on stream key
RoboSignatory actually doesn't need to know the stream being signed at
all. I think the original rationale for this was so that we could tell
which stream was being signed for informational purposes. Nowadays: (1)
RoboSignatory returns all the keys in the request message in its
response, (2) FCOS stream information is encoded in the version ID
already, and (3) we're going to add idempotency request ID tokens to
track individual requests.
Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>