Add verification of signatures using gpgv2
I looked into using pygpgme, but it seems that would be much more complicated.
In particular setting the keyring is non-obvious, and the results have to
verified manually, etc. Just doesn't seem worth the trouble.