activitypub inbox: only accept unsigned/invalid-signature relayed creates, nothing else

kaniini requested to merge security/ap-unsigned-create into develop

although the previous handling assumed any unsigned/invalid signature message was a Create, let's make it more explicit

(accepting an invalid-signature relayed create is fine; in those cases, we explicitly fetch the object by reference, as if it were a pointer)

Edited by kaniini
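
The rule described above, sketched in Python as an added example (not the project's code and not part of the merge request): an unsigned or invalid-signature activity is accepted only if it is a Create, and its object is then fetched by id from the origin instead of trusting the embedded copy. All names (`handle_inbox`, `fetch_from_origin`, `Rejected`), the https-only restriction, the id-match check and the sample data are assumptions of this example.

```python
class Rejected(Exception):
    """The activity must not be processed."""

def handle_inbox(activity, signature_valid, fetch_object):
    """Gate an incoming activity on its signature status.

    signature_valid: outcome of HTTP signature verification (done by the caller).
    fetch_object: callable(url) -> dict that dereferences an id at its origin.
    """
    if signature_valid:
        # Authenticated sender: process the payload as delivered.
        return {"action": "process", "activity": activity}
    # Unsigned or invalid signature: nothing but a Create gets through.
    if activity.get("type") != "Create":
        raise Rejected("unsigned %r refused" % activity.get("type"))
    obj = activity.get("object")
    object_id = obj.get("id") if isinstance(obj, dict) else obj
    # Assumption of this example: only https ids are dereferenced.
    if not isinstance(object_id, str) or not object_id.startswith("https://"):
        raise Rejected("Create without a dereferenceable object id")
    # The id is a pointer: drop the embedded body and fetch from the origin.
    fetched = fetch_object(object_id)
    if fetched.get("id") != object_id:
        raise Rejected("fetched object does not match the reference")
    return {"action": "process_fetched", "object": fetched}

# Constructed sample data: what the origin server really hosts.
ORIGIN = {"https://origin.example/notes/1": {
    "id": "https://origin.example/notes/1", "type": "Note",
    "attributedTo": "https://origin.example/users/alice", "content": "hello"}}

def fetch_from_origin(url):
    """Stand-in for an HTTPS GET; returns {} for unknown ids."""
    return ORIGIN.get(url, {})

# A relayed Create whose embedded body was altered in transit (constructed).
TAMPERED_CREATE = {"type": "Create", "object": {
    "id": "https://origin.example/notes/1", "type": "Note", "content": "altered"}}
# An unsigned Delete for the same object (constructed).
UNSIGNED_DELETE = {"type": "Delete", "object": "https://origin.example/notes/1"}

if __name__ == "__main__":
    print(handle_inbox(TAMPERED_CREATE, False, fetch_from_origin)["object"]["content"])
    try:
        handle_inbox(UNSIGNED_DELETE, False, fetch_from_origin)
    except Rejected as exc:
        print("rejected:", exc)
```

The tampered embedded body never reaches processing because only the copy fetched from the origin is returned, while the unsigned Delete is refused outright.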