Sign:

(https) POST /camli/sig/sign
WWW-Authenticate: [user] [b64pass]

  json=[json to sign]
  keyid=[GnuPG key id / implementation dependent]

On good response:
  HTTP 200 OK
  (signed blob)

else: (if signing fails)
  HTTP 4xx/5xx


TODO(bslatkin): Should the sign response be a more specific value, so
we can tell the difference between a temporary server error and a signing
failure? For verification purposes we need that characteristic anyways.

---

Verify:

(https) POST /camli/sig/verify

  sjson=[signed json to verify]
  (proposed) keyarmored=[GnuPG armored key]

On good response:
  HTTP 200 OK

  YES

else: (if verification fails)
  HTTP 200 OK

  <any other message that describes the problem>


Verify will look in the object to find the "camliSigner" key and use that
blobref's contents (assumed to be a public key) to verify the signature on
the object. Configuring the signing server to have the public key blobref
is out of scope.