InRelease file: support Signed-By field

https://wiki.debian.org/DebianRepository/Format#Signed-By says:
> **Signed-By**
> An optional field containing a comma separated list of
> OpenPGP key fingerprints to be used for validating
> the next Release file. The fingerprints must consist
> only of hex digits and may not contain spaces.
> The fingerprint specifies either the key the Release file
> must be signed with or the key the signature key must be
> a subkey of. The later match can be disabled by appending
> an exclamation mark to the fingerprint.
>
> If the field is present, a client should only accept future updates
> to the repository that are signed with keys listed in the field.
> The field should be ignored if the Valid-Until field is not present
> or if it is expired.

For both the CLI tools and JSON, the field is taken as a string verbatim.

When specified, we must also provide `Valid-Until` field,
and i'm not sure there is an 'infinity' value for it,
so 100 years will have to do?

Fixes https://github.com/aptly-dev/aptly/issues/1497

system/t06_publish/PublishList5Test_gold

@@ -14,6 +14,7 @@
     "Origin": "LP-PPA-gladky-anton-gnuplot",
     "Path": "./maverick",
     "Prefix": ".",
+    "SignedBy": "",
     "SkipContents": false,
     "SourceKind": "snapshot",
     "Sources": [
@@ -39,6 +40,7 @@
     "Origin": "",
     "Path": "ppa/smira/wheezy",
     "Prefix": "ppa/smira",
+    "SignedBy": "",
     "SkipContents": false,
     "SourceKind": "snapshot",
     "Sources": [
@@ -65,6 +67,7 @@
     "Origin": "origin1",
     "Path": "ppa/tr1/maverick",
     "Prefix": "ppa/tr1",
+    "SignedBy": "",
     "SkipContents": false,
     "SourceKind": "snapshot",
     "Sources": [
@@ -91,6 +94,7 @@
     "Origin": "",
     "Path": "ppa/tr2/maverick",
     "Prefix": "ppa/tr2",
+    "SignedBy": "",
     "SkipContents": false,
     "SourceKind": "snapshot",
     "Sources": [