Improve comparison logic during signature joining

[vanitasvitae]

While playing with some tooling I built on top of BC/PGPainless, I noticed crashes when processing my whole GPG key ring (350+ keys).

Apparently the comparison code in PGPSignature.join() / PGPPublicKey.join() that checks, whether two signature objects represent the same signature is not specific enough. I stumbled across a key, which carried two signatures with the same RSA signature value, but different signature versions (one was version 3, the other one version 4).

As a result, PGPSignature.join() failed when trying to merge the subpacket areas, due to v3 sigs not having subpackets, resulting in an NPE.

This patch hardens signature comparison by also taking the version number into account, and by preventing to join v2/v3 signatures.