De-duplicate not needed certifications by cleaning the keyring after
import to remove old files when processing revocations. This basically
adds the functionality compared to import-clean.

Declare the whole keyring data as well as the code as input dependency
for the build target. This way we can properly depend on the build
target for installation without forcing rebuilding on every invocation.

A rebuild will be triggered if either the keyring or the source code
creating the build output changes.

The directories are added to the source dependencies on purpose to
guarantee that changes like deleted files will result in a rebuild.

The mtime of the build directory is force updated on every run to allow
make to track the output artifacts mtime compared against the
dependencies.

Add a postfix hash of the raw uid data to the filenames to avoid
collisions with the simplified uid.