Add support for key fingerprints In order to provide maximum security, it's now possible to use full key fingerprints, in addition to long (64-bit) key ids, in trusted or ignored keys.
It doesn't matter what format is used: if a trusted key uses a long id, then it's possible that if there's a key collision, an artifact would be trusted even if it shouldn't. If a fingerprint is used instead, then we would use the full fingerprint for verification.
It's worth nothing that PGP doesn't provide the full fingerprint in signatures for the key issuer. This means that when we're going to download keys, we will still use the long ids.
Fix ignored keys not written for failed verifications In order to generate a file which can _immediately_ be used despite verification failures (because we fallback on checksum verification), we need to add the ignored keys at the artifact level.