utils: improve verify_signature() to return better user identities
Up to now it always returned the first UID on the key. Unfortunately, that UID was sometimes an UID without email (or with an invalid email) which in turn generated invalid emails in the database. Also the primary UID is not often the Debian UID so we returned personal emails when we could have found the proper Debian identity. So now, we do a first pass looking for an email that matches the domain name of the tracker installation. If it's not succesfull, we return the first valid non-revoked UID with a valid email.