Add information about paths to dependencies when failing verification When dependency verification fails, it's often necessary to actually look at the artifacts which were downloaded. Gradle will not display the paths to the artifacts which were involved in a verification failure, so that the user can check if they are the ones they expect or something else.
This also gives the ability to actually delete the file from the local cache if it makes sense.
Avoid verifying the same artifact multiple times and make sure that signature files are downloaded concurrently. This commit adds several improvements, in particular by avoiding making the same network requests multiple times just because we use the same PGP key but in a different context.