cpanpm

Change check_sigs to on by default

Open dweekly opened this issue 4 years ago • 0 comments

We should protect Perl users out of the box by checking their module signatures unless they've told us otherwise.

When check_sigs was set to 0 for first-time users 13 years ago, there was a concern that the signature-checking apparatus wasn't sufficiently mature. With more than a decade behind us, perhaps we could consider enabling this now as a sensible default.

If Module::Signature isn't installed, users are still able to install modules, just with a reminder to please install Module::Signature if they'd like to verify modules, so this change shouldn't exclude or break anyone.

dweekly, Jun 24 '20 06:06