das-labor / neopg

The multiversal cryptoengine!

Remove --disable-signers-uid and all support for signer's uid. #87

Closed lambdafu closed 6 years ago

lambdafu commented 6 years ago

"Signer's UID" is a signature subpacket that is supposed to be able to indicate to the verifier of a signature which user id was used to create the signature, for example if the same signature key is used privately and for work, indicating a role under which the signature was made. Here is the relevant text from RFC4880:

This subpacket allows a keyholder to state which User ID is responsible for the signing. Many keyholders use a single key for different purposes, such as business communications as well as personal communications. This subpacket allows such a keyholder to state which of their roles is making a signature.

This subpacket is not appropriate to use to refer to a User Attribute packet.

This feature is poorly designed and implemented. It's basically a free text field that is passed on to applications, but as there is no verification on it (except that it is included in the signature hash), actually using it in applications could be very dangerous. In fact, GnuPG does not even make sure that it contains an actual user id, instead using whatever uid was used to locate the key.

As there is no valid use case, this patch removes all support for it.
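
The comment above describes the Signer's User ID subpacket as unverified free text. As an added example (not code from neopg or GnuPG), this sketch parses a hashed subpacket area as laid out in RFC 4880 section 5.2.3.1 and reports whether each Signer's User ID claim (subpacket type 28) matches a user ID actually bound to the key. It assumes the signature has already been verified and that `bound_uids` holds only user IDs with valid self-signatures; all function names and sample values are constructed for illustration.

```python
SIGNERS_USER_ID = 28  # RFC 4880 signature subpacket type "Signer's User ID"


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns area")
        type_octet = area[i]                  # high bit is the critical flag
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length


def signer_uid_claims(hashed_area: bytes, bound_uids: set):
    """Return (claimed_uid, is_bound) for every Signer's User ID subpacket."""
    claims = []
    for sp_type, _critical, body in parse_subpackets(hashed_area):
        if sp_type == SIGNERS_USER_ID:
            uid = body.decode("utf-8", errors="replace")
            # Being hashed proves the signer wrote this string, nothing more.
            claims.append((uid, uid in bound_uids))
    return claims


def subpacket(sp_type: int, body: bytes) -> bytes:
    """Encode one subpacket (sample-data helper, one-octet length only)."""
    assert len(body) + 1 < 192
    return bytes([len(body) + 1, sp_type]) + body


# Constructed sample data: user IDs assumed to carry valid self-signatures.
BOUND_UIDS = {"Alice <alice@example.org>", "Alice (work) <alice@corp.example>"}
# Constructed hashed area: creation time (type 2) plus two Signer's UID claims.
SAMPLE_AREA = (subpacket(2, bytes(4))
               + subpacket(28, b"Alice (work) <alice@corp.example>")
               + subpacket(28, b"Someone Else <other@example.net>"))
```

A claim with `is_bound` false is exactly the case the comment warns about: the string is covered by the signature hash, yet nothing ties it to a user ID on the key.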

codecov[bot] commented 6 years ago

Codecov Report

Merging #87 into master will increase coverage by <.01%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master      #87      +/-   ##
==========================================
+ Coverage   20.53%   20.53%   +<.01%     
==========================================
  Files         294      294              
  Lines       32769    32769              
==========================================
+ Hits         6729     6730       +1     
+ Misses      26040    26039       -1