Enable OpenPGP signature verification (Closes: #610712)

add a new opts= option for debian/watch files: pgpsigurlmangle.

if this option is present and the file debian/upstream-signing-key.pgp
exists (as an OpenPGP keyring) uscan will try to fetch the detached
signature based on the mangled URL, and verify it against the key(s)
stored in the keyring.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>