Add key_fingerprints to has_valid_signatures_by_keys predicate

[bluekeyes]

#504 added basic support for SSH commit signatures, but only for the has_valid_signatures and has_valid_signatures_by predicates. Because SSH keys use fingerprints instead of IDs, we should also add a key_fingerprints option to the has_valid_signatures_by_keys so that people can require signatures by specific SSH keys.

This would probably be an OR with the key_ids property, similar to how users, organizations, and teams combine in the has_valid_signatures_by predicate.