
Clarify handling of MPIs with rounded up length

Such malformed signatures are created in every commit or tag created by the servers of GitHub.com, so there are a lot of such signatures in the wild.

GPG validates them without noticing anything. Looking at its mpi_read function (https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=g10/parse-packet.c;h=cea1f7ebc5daec3863ae963c1ab25500f86796fe;hb=f6caf5b17366efa93f806f22e7441eb27f4d382c#l116), it always reads full bytes and uses the content of a full byte even when it should only use a partial byte, and it has no validation of leading zeros or length for the partial-byte case.

Found with sequoia, see issue at: sequoia-pgp/sequoia#912 (closed)
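
The check discussed above, as an added example (not code from GnuPG, Sequoia or this merge request): it parses one MPI laid out as in RFC 4880 section 3.2 (two-octet big-endian bit count, then (bits+7)/8 octets) and reports whether the declared bit count matches the value. The names `mpi_check` and `mpi_actual_bits` are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum mpi_status {
    MPI_OK,             /* declared bit count equals the real one */
    MPI_TRUNCATED,      /* buffer shorter than header plus body */
    MPI_LEN_TOO_LARGE,  /* rounded-up length: leading zero bits are counted */
    MPI_LEN_TOO_SMALL   /* bits set above the declared count in the partial byte */
};

/* Number of significant bits in a big-endian byte string. */
static unsigned mpi_actual_bits(const uint8_t *p, size_t n)
{
    size_t i = 0;
    while (i < n && p[i] == 0) i++;          /* skip all-zero leading bytes */
    if (i == n) return 0;
    unsigned bits = (unsigned)(n - i) * 8;
    for (uint8_t b = p[i]; !(b & 0x80); b <<= 1)
        bits--;                              /* drop leading zero bits */
    return bits;
}

/* Check one MPI at buf; *consumed is set whenever the body fits in len. */
enum mpi_status mpi_check(const uint8_t *buf, size_t len, size_t *consumed)
{
    if (len < 2) return MPI_TRUNCATED;
    unsigned declared = ((unsigned)buf[0] << 8) | buf[1];
    size_t nbytes = (declared + 7) / 8;
    if (len - 2 < nbytes) return MPI_TRUNCATED;
    *consumed = 2 + nbytes;
    unsigned actual = mpi_actual_bits(buf + 2, nbytes);
    if (actual < declared) return MPI_LEN_TOO_LARGE;
    if (actual > declared) return MPI_LEN_TOO_SMALL;
    return MPI_OK;
}

/* Constructed samples: well formed, rounded-up length, excess bits. */
static const uint8_t ok9[]        = {0x00, 0x09, 0x01, 0xff};
static const uint8_t rounded_up[] = {0x00, 0x08, 0x7f};
static const uint8_t excess[]     = {0x00, 0x09, 0xff, 0xff};

int main(void)
{
    size_t used = 0;
    printf("%d %d %d\n", mpi_check(ok9, sizeof ok9, &used),
           mpi_check(rounded_up, sizeof rounded_up, &used),
           mpi_check(excess, sizeof excess, &used));
    return 0;
}
```

A parser that only reads (bits+7)/8 octets and never compares the two counts treats all three samples as valid.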
