gpg: Add option --allow-weak-key-signatures.

* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e624c41dba)

doc/gpg.texi

@@ -113,9 +113,12 @@ only one command is allowed.  Generally speaking, irrelevant options
 are silently ignored, and may not be checked for correctness.
 
 @command{@gpgname} may be run with no commands. In this case it will
-perform a reasonable action depending on the type of file it is given
-as input (an encrypted message is decrypted, a signature is verified,
-a file containing keys is listed, etc.).
+print a warning perform a reasonable action depending on the type of
+file it is given as input (an encrypted message is decrypted, a
+signature is verified, a file containing keys is listed, etc.).
+
+If you run into any problems, please add the option @option{--verbose}
+to the invocation to see more diagnostics.
 
 
 @menu
@@ -3273,6 +3276,12 @@ weak.  See also @option{--allow-weak-digest-algos} to disable
 rejection of weak digests.  MD5 is always considered weak, and does
 not need to be listed explicitly.
 
+@item --allow-weak-key-signatures
+@opindex allow-weak-key-signatures
+To avoid a minor risk of collision attacks on third-party key
+signatures made using SHA-1, those key signatures are considered
+invalid.  This options allows to override this restriction.
+
 @item --no-default-keyring
 @opindex no-default-keyring
 Do not add the default keyrings to the list of keyrings. Note that