This splits most of the PDF signature code out of the pdfverify
executable, and puts it into the xmlsecurity library instead.

The PDFSignatureHelper now attempts to verify PDF signatures, and code
in sdext / sfx2 also calls it (even if PDF is not a ZIP-based format).

Change-Id: I7b8b3ac9c976e4ea4f3796b1cda07c8a2c97bd02
Reviewed-on: https://gerrit.libreoffice.org/29751Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk>
Tested-by: Jenkins <ci@libreoffice.org>