The plugin rpm-plugin-ima is used to extract the file signatures from the RPM and add them to the extended attribute "security.ima" once the file is extracted. Later this attribute can be used by IMA/EVM to validate and load the file during the appraisal.
It seems that this signature is added via rpmsign --signfiles, and a private key should be passed as a parameter.
IIUC OBS should use obs-sign only for signing RPM, so if we seek the IMA integration using the certificates of openSUSE and SUSE, we should extend the tool to support file signatures in RPM.
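To check what ends up in "security.ima" after a package with file signatures is installed, the raw attribute value can be decoded. The following is an added example, not part of the original post and not code from rpm or OBS; it assumes the Linux kernel's `signature_v2_hdr` layout for IMA signatures, and the sample value is constructed.

```python
import struct

# First byte of the xattr: values from the kernel's enum evm_ima_xattr_type.
XATTR_TYPES = {
    0x01: "IMA_XATTR_DIGEST",
    0x02: "EVM_XATTR_HMAC",
    0x03: "EVM_IMA_XATTR_DIGSIG",
    0x04: "IMA_XATTR_DIGEST_NG",
    0x05: "EVM_XATTR_PORTABLE_DIGSIG",
}
# Subset of the kernel's enum hash_algo.
HASH_ALGOS = {2: "sha1", 4: "sha256", 5: "sha384", 6: "sha512"}

# Constructed sample: signature type, v2 header, sha256, key id deadbeef,
# followed by a 256-byte placeholder signature (all zeros, not a real one).
SAMPLE = bytes([0x03, 0x02, 0x04]) + bytes.fromhex("deadbeef") \
    + (256).to_bytes(2, "big") + b"\x00" * 256

def parse_ima_xattr(raw: bytes) -> dict:
    """Decode a raw security.ima value; raise ValueError if malformed."""
    if not raw:
        raise ValueError("empty security.ima value")
    kind = XATTR_TYPES.get(raw[0], f"unknown(0x{raw[0]:02x})")
    if raw[0] != 0x03:
        # Hash-only (or other) value: the file carries no IMA signature.
        return {"type": kind, "signed": False}
    if len(raw) < 9:
        raise ValueError("truncated signature header")
    # signature_v2_hdr: type, version, hash_algo, keyid (be32), sig_size (be16)
    _, version, algo, keyid, sig_size = struct.unpack(">BBBIH", raw[:9])
    if version != 2:
        raise ValueError(f"unsupported signature version {version}")
    if len(raw) - 9 != sig_size:
        raise ValueError(f"sig_size {sig_size} does not match payload length")
    return {
        "type": kind,
        "signed": True,
        "hash_algo": HASH_ALGOS.get(algo, f"unknown({algo})"),
        "keyid": f"{keyid:08x}",  # identifies the signing key, to match against the keyring
        "sig_len": sig_size,
    }

if __name__ == "__main__":
    # On a live system the value would come from os.getxattr(path, "security.ima").
    print(parse_ima_xattr(SAMPLE))
```

A result with `signed` set to false means the file only has a hash in "security.ima", so the signature from the RPM header was not applied to it.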