Narinfo sign: multiple signatures variant

This is a small optimization used when we're signing a narinfo for
multiple keys in one go. Using this sign variant, we only compute the
NAR fingerprint once, then sign it with all the keys.

src/libstore/binary-cache-store.cc

@@ -279,9 +279,7 @@ ref<const ValidPathInfo> BinaryCacheStore::addToStoreCommon(
     stats.narWriteCompressedBytes += fileSize;
     stats.narWriteCompressionTimeMs += duration;
 
-    for (auto &signer: signers) {
-        narInfo->sign(*this, *signer);
-    }
+    narInfo->sign(*this, signers);
 
     /* Atomically write the NAR info file.*/
     writeNarInfo(narInfo);

src/libstore/include/nix/store/path-info.hh

@@ -144,6 +144,7 @@ struct ValidPathInfo : UnkeyedValidPathInfo {
     std::string fingerprint(const Store & store) const;
 
     void sign(const Store & store, const Signer & signer);
+    void sign(const Store & store, const std::vector<std::unique_ptr<Signer>> & signers);
 
     /**
      * @return The `ContentAddressWithReferences` that determines the

src/libstore/path-info.cc

@@ -40,6 +40,14 @@ void ValidPathInfo::sign(const Store & store, const Signer & signer)
     sigs.insert(signer.signDetached(fingerprint(store)));
 }
 
+void ValidPathInfo::sign(const Store & store, const std::vector<std::unique_ptr<Signer>> & signers)
+{
+    auto fingerprint = this->fingerprint(store);
+    for (auto & signer: signers) {
+        sigs.insert(signer->signDetached(fingerprint));
+    }
+}
+
 std::optional<ContentAddressWithReferences> ValidPathInfo::contentAddressWithReferences() const
 {
     if (! ca)