Refactor ts out of the main signature checking worker

Refactor ts out of the main signature checking worker
- Add lower level rpmpkgVerifySigs() function which does the real work,
  ts and full qva isn't needed there, just keyring and flags what to verify.
  Static only for now, but this is the kind of interface we'll want to
  export eventually.
- rpmVerifySignatures() is now just a API-compatibility wrapper.
- Use rpmpkgVerifySigs() instead of rpmVerifySignatures() in rpmcliSign()
  verify loop so we only retrieve keyring once.