potential preshared-key changes
crasm at wireguard.1.email.vczf.io
Sun Apr 23 09:05:36 CEST 2017
Forgive me in advance if this is a horrible or misinformed idea, but why
not blake2s the preshared-key with each peer's public key and distribute
that as a per-peer "preshared" key, mixing it in last? That would reduce
the risk of key compromise, since each peer would have a unique key and
the real key is not copied to each peer.
I do like identity hiding, but I can't tell if there's a way for the
above to work without exposing public keys (at least considering roaming
IPs).
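
The derivation proposed in this message, as an added example that is not part of the original post or of WireGuard's code. It assumes keyed BLAKE2s with the shared key as the hash key and the peer's 32-byte public key as the input; the function names and all key values are constructed for illustration.

```python
import base64
import hashlib

KEY_LEN = 32  # WireGuard keys (public and preshared) are 32 bytes, base64-encoded in configs


def derive_peer_psk(master_psk: bytes, peer_public_key_b64: str) -> str:
    """Derive a per-peer preshared key from the master key and one peer's public key.

    Assumed construction: BLAKE2s keyed with the master key, hashing the peer's
    raw public key. Only the holder of the master key can recompute the result.
    """
    if len(master_psk) != KEY_LEN:
        raise ValueError("master preshared key must be 32 bytes")
    peer_pub = base64.b64decode(peer_public_key_b64, validate=True)
    if len(peer_pub) != KEY_LEN:
        raise ValueError("peer public key must decode to 32 bytes")
    digest = hashlib.blake2s(peer_pub, key=master_psk, digest_size=KEY_LEN).digest()
    return base64.b64encode(digest).decode("ascii")


def derive_all(master_psk: bytes, peers: dict) -> dict:
    """Map each peer name to the derived key that would be distributed to it."""
    return {name: derive_peer_psk(master_psk, pub) for name, pub in peers.items()}


# Constructed sample values, not real keys.
MASTER_PSK = bytes(range(32))
PEERS = {
    "laptop": base64.b64encode(b"\x01" * 32).decode("ascii"),
    "phone": base64.b64encode(b"\x02" * 32).decode("ascii"),
}

if __name__ == "__main__":
    # Each peer receives only its own derived key; the master key stays in one place.
    for name, psk in derive_all(MASTER_PSK, PEERS).items():
        print(f"{name}: PresharedKey = {psk}")
```

The side holding the master key has to know which public key it is talking to before it can recompute the derived key, which is the tension with identity hiding that the message raises.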