Implement PGP signature verification and SHA256 checks.

This will use PGP to verify the client info file, then use the checksums
from that file to verify the files it references after they are
downloaded.

This is intended to mitigate main-in-the-middle attacks against
Quicklisp bootstrapping.

More work remains to be done on the client side.

Author: xach