15d604f download-build: allow fallback to unsigned with --key

1 file. Authored by adamwill 2 months ago, committed by tkopecek 2 months ago.
    download-build: allow fallback to unsigned with --key
    
    If you pass --key to download-build and signed packages aren't
    available, Koji will skip the unsigned package, or error out.
    This adds a modified behavior controlled by the new
    --fallback-unsigned arg. If this is passed with --key, unsigned
    copies will be downloaded for packages for which no signed copy
    can be found.
    
    This is primarily intended to work with a proposed Bodhi feature:
    https://github.com/fedora-infra/bodhi/pull/5859 . That would
    make Bodhi's `bodhi updates download` command automatically try
    to download signed copies, but I think it would be best if it
    falls back to getting unsigned copies if that doesn't work. Just
    failing out entirely seems wrong for that case. Implementing the
    fallback in Bodhi itself is more awkward and messy than adding it
    in Koji, and it may be useful for others in Koji I guess.
    
    Note there are two distinct 'no signed copies' cases. In the
    simple one, queryRPMSigs tells us Koji has no record of the
    package ever being signed with the key in question. In this case
    we don't bother trying to download a signed copy. In the other
    case, queryRPMSigs tells us the package *has* been signed with
    the key, but it turns out that signed copy has been garbage-
    collected and we can no longer download it. In this case we have
    to catch the failure on the download attempt and retry the
    download with sigkey set to None.
    
    Signed-off-by: Adam Williamson <awilliam@redhat.com>
    
        
file modified
+24 -2
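
The two "no signed copies" cases from the commit message, as an added Python sketch that is not part of this commit or of Koji's code. `query_sigs`, `fetch`, `SignedCopyMissing`, the package names and the key ID `deadbeef` are hypothetical stand-ins and constructed sample data, and the skip-versus-error split without the fallback is an assumed reading of "skip the unsigned package, or error out". The function also returns which packages fell back, so a caller can tell which downloads carry no signature to verify.

```python
class SignedCopyMissing(Exception):
    """Raised by the stand-in downloader when a signed copy no longer exists."""

# Constructed sample data: rpm -> keys the hub has a signature record for.
SIG_RECORDS = {
    "foo-1.0-1.noarch": {"deadbeef"},
    "bar-2.0-1.noarch": {"deadbeef"},  # record exists, signed copy garbage-collected
    "baz-3.0-1.noarch": set(),         # never signed with this key
}
# Constructed sample data: signed copies that can still be downloaded.
SIGNED_ON_DISK = {("foo-1.0-1.noarch", "deadbeef")}

def query_sigs(rpm, key):
    """Hypothetical stand-in for the hub's queryRPMSigs lookup."""
    return key in SIG_RECORDS.get(rpm, set())

def fetch(rpm, sigkey):
    """Hypothetical download: unsigned always works, signed only if still on disk."""
    if sigkey is not None and (rpm, sigkey) not in SIGNED_ON_DISK:
        raise SignedCopyMissing(f"{rpm} signed with {sigkey}")
    return (rpm, sigkey)

def download_build(rpms, key, fallback_unsigned=False):
    """Return (downloaded, fell_back); fell_back lists rpms fetched unsigned."""
    downloaded, fell_back = [], []
    for rpm in rpms:
        if not query_sigs(rpm, key):
            # Case 1: no record of a signature, so no signed attempt is made.
            if fallback_unsigned:
                downloaded.append(fetch(rpm, None))
                fell_back.append(rpm)
            continue  # without the fallback the package is skipped
        try:
            downloaded.append(fetch(rpm, key))
        except SignedCopyMissing:
            # Case 2: signature recorded, but the signed copy is gone.
            if not fallback_unsigned:
                raise  # without the fallback this is an error
            downloaded.append(fetch(rpm, None))  # retry with sigkey None
            fell_back.append(rpm)
    return downloaded, fell_back
```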