Note that checks in the code against exceeding that limit apparently are
broken, though. After the previous change I ended up with an invalid PDF where
the signature hex string in the output PDF had brutally overrun its
allocation.

Now Adobe Reader says "The signature includes an embedded timestamp but it
could not be verified". This is progress. Perhaps I just need to tell Adobe
Reader to trust the certificate from the TSA I used.

Change-Id: I1e8644ee641592a985e0190b52bf76839f99b3e7