Add config.allowInsecureVerificationWithReformattedKeys

[larabr]

Using openpgp.reformatKey with the default date option would render messages signed with the original key unverifiable by OpenPGP.js v5 (not v4), since the signing key would not be considered valid at the time of signing (due to its self-certification signature being in the future, compared to the message signature creation time).

This PR adds config.allowInsecureVerificationWithReformattedKeys (false by default) to make it possible to still verify such messages with the reformatted key provided the key is valid at the date specified for verification (which defaults to the current time).

To avoid this type of issue with message verification, we recommend to pass the key creation time as date when using reformatKey.