net: Fix KeyServer::{get,search}.

  - Change both functions to return a vector of Result<Cert>.  First,
    the keyserver may return more than one cert for both user ID
    searches as well as searches by key handle.  Second, we may
    understand not all certs returned by the server, and that is okay,
    and we shouldn't let the whole query fail because of that.

  - Previously, the functions made an attempt at validating the
    results.  However, that is flawed.  First, in the case of
    retrieval by key handle, the test was brittle and easily
    circumvented by a key server.  Second, the server may have good
    reason to return an additional cert, even if it doesn't have the
    key handle that the user asked for.  For example, it may know that
    a cert is superseded and return the new one too, as a courtesy.
    draft-shaw-openpgp-hkp-00 doesn't forbid that.

  - In the case of search by email address, the server may know the
    association between the queried email address and the cert, even
    if said association is not recorded in the cert itself.

  - Remove the brittle checks, return all certs returned by the
    server, add a warning to the documentation of KeyServer::get.

1 files changed, 3 insertions, 2 deletions

diff --git a/net/tests/hkp.rs b/net/tests/hkp.rs
index 4db859e2..5133c280 100644
--- a/net/tests/hkp.rs
+++ b/net/tests/hkp.rs
@@ -124,9 +124,10 @@ async fn get() -> anyhow::Result<()> {
 
     let keyserver = KeyServer::new(&format!("hkp://{}", addr))?;
     let keyid: KeyID = ID.parse()?;
-    let key = keyserver.get(keyid).await?;
+    let keys = keyserver.get(keyid).await?;
+    assert_eq!(keys.len(), 1);
 
-    assert_eq!(key.fingerprint(),
+    assert_eq!(keys[0].as_ref().unwrap().fingerprint(),
                FP.parse().unwrap());
     Ok(())
 }