Is your feature request related to a problem? Please describe.
In preparation for experimenting with PRs like NixOS/nix#9076, it would be necessary to enable Hydra to sign with more than 2 sets of keys, the legacy one and another modern backend.
Describe the solution you'd like
(1) Hydra gets configured with a list of keys to use for signature
(2) Hydra produces NARs with multiple signatures, tested in a local deployment
(3) A tool to re-sign any NAR with any key is provided alongside, to re-sign any missed NAR files in-place or whatever (to recover from mistakes)
(4) Hydra dual-signing is deployed over infrastructure with the legacy and the new modern signing backend, ideally in a secure location (HSM/KMS/whatever)
(5) In case of issues, rollback + re-signing of any NAR can take place.
(6) At the same time, the new public key of cache.nixos.org is offered via nixpkgs.
(7) At the same time, the legacy public key of cache.nixos.org should not be trusted anymore for new NARs after a certain date.
Describe alternatives you've considered
Additional context