Make sure we always have valid struct apk_trust * for code using it.
Load the signing keys directly when being specified to produce
sane error message if loading them fails.
- basic digesting and signing apis (subject still to fine tuning)
- update digest code, and adb signing for the thin wrapping layer
- old v1 package and database handling not updated
- default mkpkg file hash to sha256
ref #10744