[verify] Support multiple encryption keys

[viklund]

Main user story

As a security conscious user of the sensitive data arcive,
I want to see that the archive can rotate encryption keys
so that security can be maintained.

Sub user story

As an sda-dev
I want to implement multiple-key support for the verify services
so that repository key rotation can be enabled.

Description

• Verify should be able to load a directory of public/private key pairs instead of just a specific one (same configuration as ingest).
• Since verify reads all the keys from the directory should keep all the key hashes in memory for finding the private key to use without trying all the private keys.
• For verify to pass for a file it should look up the hash of the key used to encrypt a file from the database and should then try to decrypt the file with that specific key.

Acceptance criteria

• Demonstrate ingestion and verification of encrypted files with two different archive c4gh private keys.
• Tests verifying the changes added

Extra information

This issue was split off from issue #787.

Note: key rotation miro board here

[aaperis]

This issue is quite connected with #787 and will be more complex if done in parallel due to integration tests and all moving parts that need to be done together, so (after discussing it also with @nanjiangshu) I am putting it back to the stack for now.