Verify AppIdentityService signatures against all valid certificates

[tmatsuo]

This PR is based on #50, but added some commits for the test to pass.

[googlebot]

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this State. It's up to you to confirm consent of the commit author(s) and merge this pull request when appropriate.

[tmatsuo]

@jmaurice FYI

[tmatsuo]

The code LGTM, but I'm not happy with the fact that the appengine-plugin doesn't have tests (and some other cosmetic things of the original files).

[chingor13]

Looks fine to me assuming that AppIdentityService::signForApp is doing a basic openssl signature.

This could also speed up the verification by not having to make a synchronous API call, but could also use more of your allotted CPU.