Update signed flag

This is something we noticed while working at https://github.com/pixelated/pixelated-user-agent/issues/894.

The main consideration is when an incoming email is signed using a key that was also sent attached, but this key isn't preliminarily available to the receiver. Essentially, the signed flag was being set before extracting the attached key.

Known cases:

• users of different providers exchange emails for the first time (and the keys aren't published to a keyserver)
• user changed his/her keys (and the receiver client still thinks the sender key is valid)

Solution:

Since the decrypt/verify operation is done in one GPG call, this PR proposes to make a second decrypt/verify call when the signature couldn't be previously verified and a key was imported via attachment or OpenPGP header.

This solution covers both reported cases.