We can only *really* trust this once the certificate validates, and even then the certificate could be out of date. So now the mapping is only treated as high-trust when the inner messages decrypts successfully too.
Note that on its own this doesn't change behavior of the app; OWSMessageProcessor still drops non-ACI messages even attempting to decrypt them.