add melange sign command, slightly refactor and make public the signing methods

[joshrwolf]

Adds a melange sign ... command to (re-)sign apks with the provided key.

This also slightly refactors the emit signature section of the PackageBuild to reuse the signing method.

The refactor includes:

• handle the control data + signing in memory
• hoist the signing into build.EmitSignature(...) to reuse the content digest for the various ApkSigner implementations

Sample:

❯ tar tvf packages/aarch64/kubelet-latest-0-r0.apk
-rwxrwxrwx  0 root   root      512 Dec 31  1969 .SIGN.RSA.local-melange.rsa.pub
-rw-r--r--  0 root   root      333 Aug 16 12:26 .PKGINFO
drwxr-xr-x  0 root   root        0 Aug 16 12:26 usr
drwxr-xr-x  0 root   root        0 Aug 16 12:26 usr/bin
lrwxr-xr-x  0 root   root        0 Aug 16 12:26 usr/bin/kubelet -> kubelet-1.28
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var/lib
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var/lib/db
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var/lib/db/sbom
-rw-r--r--  0 root   root     1188 Aug 16 12:26 var/lib/db/sbom/kubelet-latest-0-r0.spdx.json

➜ melange sign packages/aarch64/*.apk -k something-else.rsa

➜ tar tvf packages/aarch64/kubelet-latest-0-r0.apk
-rwxrwxrwx  0 root   root      512 Dec 31  1969 .SIGN.RSA.something-else.rsa.pub
-rw-r--r--  0 root   root      333 Aug 16 12:26 .PKGINFO
drwxr-xr-x  0 root   root        0 Aug 16 12:26 usr
drwxr-xr-x  0 root   root        0 Aug 16 12:26 usr/bin
lrwxr-xr-x  0 root   root        0 Aug 16 12:26 usr/bin/kubelet -> kubelet-1.28
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var/lib
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var/lib/db
drwxr-xr-x  0 root   root        0 Aug 16 12:26 var/lib/db/sbom
-rw-r--r--  0 root   root     1188 Aug 16 12:26 var/lib/db/sbom/kubelet-latest-0-r0.spdx.json