Describe "Attested Certifications" subpacket

The "no-modify" flag in the Key Server Preferences subpacket has never had a clear indication of how a keyserver can effectively respect it.

This changeset describes an "Attested Certifications" subpacket that makes "no-modify" actionable by a keyserver. A keyserver that respects this flag will only redistribute third-party certifications that have been attested to by the certificate owner.

Signed-off-by: Daniel Kahn Gillmor dkg@fifthhorseman.net