Use GnuPG to check the digital signatures on feeds.
A human-readable description of a signature.
Run "gpg --import" with this data as stdin.
Get the first human-readable name from the details.
Verify the GPG signature at the end of data (which must be XML).
Returns the list of signatures found, plus the raw stderr from gpg (which may be useful if
you need to report an error).
Load a set of keys at once. Returns a map from fingerprints to information.