entropyxyz/synedrion

What is the best way to derive the initial chain code for BIP-32?


#132 introduced BIP-32 derivation for threshold key shares. As the initial chain code we use a hash of the full verifying key. Is this secure? Is there a better way to do it?

One option is to use the rid value that is built as a kind of shared secret during KeyInit. Would such double-purpose usage be secure?

Also, could rid be used to support hardened derivation somehow?