The InRelease file is currently signed using multiple keys and we want
to be able to verify its signature. So allow multiple signatures as
long as all of them are valid.
For uploads (.changes files) we still require that only a single
signature is present. This is currently enforced by the 'fingerprint',
'primary_fingerprint' and 'signature_id' accessors.