Interim fix to show if package is signed by f-droid
This MR proposes an interim fix to and addresses #289 (closed) in showing whether a package apk is signed by f-droid or by upstream.
In gist, it pulls the list of official f-droid.org signers from the repo's signer-index.json against which the signer field of the package would be checked: if the signer is on the list, it will be shown as built and signed by F-Droid, otherwise it will be shown as built and signed by the original developer.
#289 (closed) anticipates new fields would probably make its way into and form part of index-v2, which would probably supercede this MR eventually; but until then (there's currently no ETA yet), this MR should be good enough as an interim fix to hold strong the three possible cases of signatures:
| (1) Built and signed by f-droid |
(2) f-droid + upstream signatures |
(3) Upstream signatures only |
|---|---|---|
| eg: F-Droid Client | eg: NewPipe | eg: Offi |
 |
 |
 |
Edited by Ray c