InRelease file: support Signed-By field

https://wiki.debian.org/DebianRepository/Format#Signed-By says:
> **Signed-By**
> An optional field containing a comma separated list of
> OpenPGP key fingerprints to be used for validating
> the next Release file. The fingerprints must consist
> only of hex digits and may not contain spaces.
> The fingerprint specifies either the key the Release file
> must be signed with or the key the signature key must be
> a subkey of. The later match can be disabled by appending
> an exclamation mark to the fingerprint.
>
> If the field is present, a client should only accept future updates
> to the repository that are signed with keys listed in the field.
> The field should be ignored if the Valid-Until field is not present
> or if it is expired.

For both the CLI tools and JSON, the field is taken as a string verbatim.

When specified, we must also provide `Valid-Until` field,
and i'm not sure there is an 'infinity' value for it,
so 100 years will have to do?

Fixes https://github.com/aptly-dev/aptly/issues/1497

system/t06_publish/PublishSnapshot43Test_release

@@ -0,0 +1,12 @@
+Origin: LP-PPA-gladky-anton-gnuplot
+Label: . maverick
+Suite: maverick
+Codename: maverick
+Signed-By: string,separated,by,commas
+Architectures: amd64 i386
+Components: main
+Description: Generated by aptly
+MD5Sum:
+SHA1:
+SHA256:
+SHA512: