Split signing and verification to enable SHA-1 handling/canonicalization

[petergoldstein]

Split the verification and signing. Adds SHA-1 support. Separate canonicalization for verification/signing coming in a future PR.

[petergoldstein]

This is a partial replacement for #28. Cleaned up with the duplication detection pulled out into a separate PR.

[mskucherawy]

Accepting this to split the internals into a signing side and a verifying side, but we need a flag that can cause only one or the other to happen as well. I understand that's going to be submitted later.