gpgsm: Add new validation model "steed".

* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.

doc/DETAILS

@@ -58,6 +58,10 @@ record; gpg2 does this by default and the option is a dummy.
 		u = The key is ultimately valid.  This often means
 		    that the secret key is available, but any key may
 		    be marked as ultimately valid.
+                w = The key has a well known private part.
+                s = The key has special validity.  This means that it
+                    might be self-signed and expected to be used in
+                    the STEED sytem.
 
             If the validity information is given for a UID or UAT
             record, it describes the validity calculated based on this
@@ -347,6 +351,7 @@ more arguments in future versions.
            "pgp"   for the standard PGP WoT.
 	   "shell" for the standard X.509 model.
 	   "chain" for the chain model.
+           "steed" for the STEED model.
 
         Note that we use the term "TRUST_" in the status names for
         historic reasons; we now speak of validity.