Revocation Support
Add support to query whether a given TPK is revoked. Likewise for bindings.
Note: if a revocation certification is revoked, then that revocation should be ignored. This means that we have to check all signatures, not just the newest.
Note: whether a key is revoked is a tri-state: <yes, could_be, probably_not>. could_be should be returned if there is a revocation certificate from a designated revoker, but the TPK for the designated revoker is not available. (It should be possible to provide TPKs to the is_revoked method.)