It's about time to implement certification. The API should probably look something like: ``` sq certify [KEY] [CERT] [USERID...] ``` There should be an option to create a [trust signature](https://tools.ietf.org/html/rfc4880#section-5.2.3.13) including adding [regular expressions](https://tools.ietf.org/html/rfc4880#section-5.2.3.14). `USERID` doesn't need to be present on `CERT`, but that is an advanced feature, which could be enabled by a switch. For instance, by default, we try and match self-signed User IDs (e.g., the user provides `alice@example.org` and there is a User ID: `Alice <alice@example.org>`). But, if `--exact-userid` is passed, then we use the USERID as is. It should also be possible to set notations.