Further streamline & sanitize lead handling
- Never log anything from rpmLeadRead(), instead return an error message
the callers can log if they see fit
- Add a return value for the lead type (which is the only bit of
info from the lead we sometimes resort to using)
- Permit NULL pointers on all return values
- Eliminate rpmLeadCheck() and rpmLeadType() from the internal API,
these are now combined into rpmLeadRead().
- Fix up the callers: only (re)signing needs the actual lead,
signature verification only cares if its valid or not and
package reading only wants the type from the lead (annoying but...)