* close opened file handles
* don't create QFile objects that are never used
* check for locality as it must with the current implementation be local files we're checking
* get rid of the unhelpful Private class method and merge it into the main class method
* don't append .asc to the packagePath accidentally when making the sig path
it was like pulling on a thread in a sweater: the changes just kept rolling
into each other...
* don't load all the keys at start, just cache them as they are requested
* use GpgContext::key to get the key for us rather than looping through all keys
* fix SignedBy so it doesn't say a key is signed by every other key(!)
* FullTrus*t*ed
this should not be writable by the user, but is readable. safer than
picking the first dir that matches ... which would usually be in the
user's own dir. *facepalm*
