`bindle push` needs to sign using the `creator` role for the current user's key

[technosophos]

Some flags might be necessary to override defaults, but here is what I am thinking as the default behavior:

• User runs bindle push
• Client loads user's signing secret key, failing if the key is not found
• Client loads the invoice.toml
• Client signs the invoice object (support is in signature.rs)
• Client appends signature as a [[signature]] block on the invoice.toml
  • Option A: The invoice with the signature is stored on disk
  • Option B: This version of the invoice is in memory only, since there is little value in keeping the signature on the artifact on disk
• Client pushes the invoice to Server

[technosophos]

Depends on #103