Cert::merge_packet prefers merged keys, but not merged signatures are merged when canonicalizing
Cert::merge_packet
is a bit inconsistent. When there is a duplicate key, it use the new key. When there is a duplicate signature, it let's Cert::canonicalize
merge them. Is this the behavior that we want? Either way, we should better document what happens when duplicate signatures are merged. (User IDs and User Attributes are not a problem, because duplicates are really bit identical.)