justinludwig / jpgpj

Java Pretty Good Privacy Jig
MIT License

Optional signature verification #41

Closed justinludwig closed 2 years ago

justinludwig commented 2 years ago

Allow a third option, between required verification and no verification, that records signature metadata and attempts to verify signatures but does not raise any verification exceptions.

To use this new third option, set the decryptor's verificationType property to Optional:

List<FileMetadata.Signature> signatures =
    new Decryptor(
        new Key(new File("path/to/my/keys/alice-pub.gpg")),
        new Key(new File("path/to/my/keys/bob-sec.gpg"), "b0bru1z!")
    )
    .withVerificationType(Decryptor.VerificationType.Optional)
    .decrypt(
        new File("path/to/ciphertext.txt.gpg"),
        new File("path/back-to/plaintext.txt")
    )
    .getSignatures();
// for example, to reject messages with any unverified signatures
for (FileMetadata.Signature signature : signatures)
    if (!signature.isVerified())
        throw new VerificationException("unverified signature for key "
            + signature.getKeyId());
// for example, to require at least 2 verified signatures
int verified = 0;
for (FileMetadata.Signature signature : signatures)
    if (signature.isVerified())
        verified++;
if (verified < 2)
    throw new VerificationException("requires 2 verified signatures");

During the decryption process, the internal implementation of the decryptor used to always create a list of verifiers for every known key used to sign a message, but skip creating verifiers for unknown or unusable keys. Now it:

  1. skips creating verifiers entirely when the verification type is None
  2. creates verifiers even for unknown/unusable keys when the verification type is not None
  3. skips verifiers for unknown/unusable keys when running the verification logic

It uses the verifiers for unknown/unusable keys (along with known keys) to populate the FileMetadata signatures list at the final step of the verification process.
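Because the Optional mode described above raises no verification exceptions, the plaintext file is written before the caller has looked at the signatures list. The following is an added example, not part of the original comment or the project's own code, showing one way to keep the output unavailable until the caller's policy passes. It assumes JPGPJ and Bouncy Castle are on the classpath and that the Decryptor was constructed with its keys as in the snippet above; FailClosedDecrypt, decryptVerified, minVerified and staging are hypothetical names.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import org.bouncycastle.openpgp.PGPException;
import org.c02e.jpgpj.Decryptor;
import org.c02e.jpgpj.FileMetadata;
import org.c02e.jpgpj.VerificationException;

// Added illustration (hypothetical helper, not JPGPJ code).
public class FailClosedDecrypt {

    /**
     * Decrypts into a staging file next to dest and promotes it to dest only
     * when every recorded signature verified and at least minVerified did.
     * Note: switches the passed-in decryptor to Optional verification.
     */
    static void decryptVerified(Decryptor decryptor, File ciphertext,
            File dest, int minVerified) throws IOException, PGPException {
        decryptor.withVerificationType(Decryptor.VerificationType.Optional);
        // same directory as dest so the final move can be atomic
        File staging = File.createTempFile("unverified-", ".tmp",
            dest.getAbsoluteFile().getParentFile());
        try {
            int verified = 0;
            for (FileMetadata.Signature signature
                    : decryptor.decrypt(ciphertext, staging).getSignatures()) {
                if (!signature.isVerified())
                    throw new VerificationException(
                        "unverified signature for key " + signature.getKeyId());
                verified++;
            }
            // if the list is empty the loop above rejects nothing, so the
            // count check is what stops a message with no signatures
            if (verified < minVerified)
                throw new VerificationException(
                    "requires " + minVerified + " verified signatures");
            Files.move(staging.toPath(), dest.toPath(),
                StandardCopyOption.REPLACE_EXISTING,
                StandardCopyOption.ATOMIC_MOVE);
        } finally {
            // no-op after a successful move; removes plaintext on any failure
            Files.deleteIfExists(staging.toPath());
        }
    }
}
```

Calling it with minVerified of at least 1 combines the two policy checks from the snippet above.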

yexiong commented 2 years ago

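Your message has been received, and I will deal with it as soon as possible. For urgent matters, please contact: 13675888422. Thank you. Ye Xiong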