sq certify

It's about time to implement certification. The API should probably look something like:

sq certify [KEY] [CERT] [USERID...]

There should be an option to create a trust signature including adding regular expressions.

USERID doesn't need to be present on CERT, but that is an advanced feature, which could be enabled by a switch. For instance, by default, we try and match self-signed User IDs (e.g., the user provides alice@example.org and there is a User ID: Alice <alice@example.org>). But, if --exact-userid is passed, then we use the USERID as is.

It should also be possible to set notations.