pkg: add a pkgsign_verify_data callback

This will be used to verify raw payloads, as if signed by pkg-key(8).
It will be used specifically in pkg(7) to verify .pubkeysig as published
by poudriere.

Amend verify_pubsignature() now to use it. For the RSA signer, we need
to verify using a sha256 of the data instead of the data itself.

Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D48109