Store the app signatures as part of the backup set

Under a pseudo-app for the Package Manager, we store the app signatures for all
participating applications installed on the device.  At restore time we will
restore this first, then ensure that the current on-device signature chain is
compatible with the one in the backup set.  If there's a mismatch, this may be a
spoof attempt and we will refuse to restore that app's data.

The restore side of this is not implemented, but the Package Manager agent is
here as well as the backup side theoretically pushing the data now.