mash + koji write-signed-rpm

[Bill Nottingham]

rob myers (rob.myers at gtri.gatech.edu) said: 
> why not have mash write a signed rpm out instead of just warning users
> when a package has cached signatures, but no signed rpm?
> 
> lightly tested patch attached.

That would require the user running mash to authenticate to koji
with a fairly high level of privelege, which seemed somewhat outside of
the scope of it.

Bill