store URI: introduce multiple signatures support

Add a `secretKeyFiles` URI parameter in the store URIs receiving a
coma-separated list of Nix signing keyfiles.

For instance:

  nix copy --to "file:///tmp/store?secret-keys=/tmp/key1,/tmp/key2" \
    "$(nix build --print-out-paths nixpkgs#hello)"

The keys passed through this new store URI parameter are merged with
the key specified in the `secretKeyFile` parameter, if any.

We'd like to rotate the signing key for cache.nixos.org. To simplify
the transition, we'd like to sign the new paths with two keys: the new
one and the current one. With this, the cache can support nix
configurations only trusting the new key and legacy configurations
only trusting the current key.

See https://github.com/NixOS/rfcs/pull/149 for more informations
behind the motivation.

src/libstore/binary-cache-store.cc

@@ -29,8 +29,17 @@ BinaryCacheStore::BinaryCacheStore(const Params & params)
     , Store(params)
 {
     if (secretKeyFile != "")
-        signer = std::make_unique<LocalSigner>(
-            SecretKey { readFile(secretKeyFile) });
+        signers.push_back(std::make_unique<LocalSigner>(
+            SecretKey { readFile(secretKeyFile) }));
+
+    if (secretKeyFiles != "") {
+        std::stringstream ss(secretKeyFiles);
+        Path keyPath;
+        while (std::getline(ss, keyPath, ',')) {
+            signers.push_back(std::make_unique<LocalSigner>(
+                SecretKey { readFile(keyPath) }));
+        }
+    }
 
     StringSink sink;
     sink << narVersionMagic1;
@@ -270,9 +279,11 @@ ref<const ValidPathInfo> BinaryCacheStore::addToStoreCommon(
     stats.narWriteCompressedBytes += fileSize;
     stats.narWriteCompressionTimeMs += duration;
 
-    /* Atomically write the NAR info file.*/
-    if (signer) narInfo->sign(*this, *signer);
+    for (auto &signer: signers) {
+        narInfo->sign(*this, *signer);
+    }
 
+    /* Atomically write the NAR info file.*/
     writeNarInfo(narInfo);
 
     stats.narInfoWrite++;