This is always requires unanimous consent, right? (all users must sign everything).

We should create event kinds to send invitations to sign to peers via Nostr. So that if you and I collaborate on a key, you can ask me to sign an update and my client can show this as a notification and a button to confirm.