bin/xbps-install: add --import-key arg for non-interactive key import

[classabbyamp]

as requested by @the-maldridge

see also: #336, #399

This works around the security concerns brought up in those issues by ensuring that only the requested keys are ever imported automatically, not blindly importing any keys that would be prompted for importation.

• lib/repo.c: add expected fingerprints argument to xbps_repo_key_import

This array is a list of key fingerprints that should be imported without confirmation upon importing keys for a signed repository. A new state_cb state is added to allow for showing a message or doing some action when importing these keys.

• bin/xbps-install: add --import-key arg for non-interactive key import

Allows the user to specify a list of key fingerprints that are expected and should be imported if encountered. This will be useful for scripted or other non-interactive situations, including in xbps-src (removing interaction during operations if the repodata in hostdir/binpkgs is signed), and bootstrapping new systems without needing to copy the <fingerprint>.plist files into place beforehand.

Prints a message when importing to ensure the user knows the key was imported:

# xbps-install -k '6e:a5:91:cc:71:99:18:32:75:dc:be:b4:f8:ac:dc:19' -R http://localhost:8000/ -R https://repo-fastly.voidlinux.org/current -r /tmp/xbps-test -S
[*] Updating repository `http://localhost:8000//x86_64-repodata' ...
x86_64-repodata: 2098B [avg rate: 500MB/s]
[*] Updating repository `https://repo-fastly.voidlinux.org/current/x86_64-repodata' ...
x86_64-repodata: 1849KB [avg rate: 597MB/s]
`http://localhost:8000/' repository has been RSA signed by "classabbyamp"
Importing key with fingerprint: 6e:a5:91:cc:71:99:18:32:75:dc:be:b4:f8:ac:dc:19
`https://repo-fastly.voidlinux.org/current' repository has been RSA signed by "Void Linux"
Fingerprint: 60:ae:0c:d6:f0:95:17:80:bc:93:46:7a:89:af:a3:2d
Do you want to import this public key? [Y/n]