repo-add: implicitly sign when verifying
Currently it is possible to verify a database signature, without signing the database. This causes the database to be altered, but the (then invalid) signature to be preserved.
Fix this by implicitly signing when verifying.
Signed-off-by: Christian Hesse mail@eworm.de