Separate out classes for reading public keys from a repository;
checking the public keys; and checking push certificates. This
minimizes the amount of Gerrit-specific code which needs to go in the
actual pre-receive hook, and makes testing much more feasible. Add
lots of tests.
When verifying a signature, iterate over all possible keys to find one
that can verify the signature, and only then check the key.
Move these various classes into a "gpg" subpackage. We use gpg rather
than pgp (as Bouncy Castle does) for consistency with C git, which
refers to its OpenPGP support consistently as "gpg".
Written with a minimum of dependencies (e.g. no Guava or AutoValue)
for ease of upstreaming into JGit.
Change-Id: I88588a2d33a5e9ea3a75900a0db6ab07269826e8
61003e99ce