nix verify-paths: Add ‘--sigs-needed <N>’ flag

This specifies the number of distinct signatures required to consider
each path "trusted".

Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables
verifying whether a path is trusted (since a path can also be trusted
if it has no signatures, but was built locally).

src/libstore/store-api.hh

@@ -127,6 +127,9 @@ struct ValidPathInfo
     /* Return the number of signatures on this .narinfo that were
        produced by one of the specified keys. */
     unsigned int checkSignatures(const PublicKeys & publicKeys) const;
+
+    /* Verify a single signature. */
+    bool checkSignature(const PublicKeys & publicKeys, const std::string & sig) const;
 };
 
 typedef list<ValidPathInfo> ValidPathInfos;