Track events not yet decrypted

• don't try to decrypt the whole client
• track session id of undecrypted events
• when receiving new session keys, only try to decrypt those events with those session ids