Add signature option to bp.json #10

Closed
systemzax opened this issue Jun 16, 2018 · 2 comments

Comments

@systemzax

Related to #7

If we allow qualification of the producer public_key as suggested in #7, we would make it practical to also include an optional signature field in the file to attest authenticity.

The json representation should be stringified in a canonical / deterministic manner, then signed with the private key associated to the account with active permission.

This would make the standard more solid and protect against spoofing, impersonation, phishing attacks, etc., as people will start relying on them more and more.
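Added example, not part of the original issue or of the bp.json standard: a sketch of the scheme proposed above, where the file is serialized deterministically with the signature field left out, signed, and later checked against a key obtained from outside the web server. Assumptions: the field is named `signature`, it holds a base64 ECDSA/SHA-256 signature in Node's DER encoding, and the key pair is a throwaway secp256k1 pair; EOSIO's own key and signature encodings are not reproduced.

```javascript
const crypto = require('node:crypto');

// Deterministic JSON: keys sorted recursively, no whitespace. Array order is
// kept because it carries meaning.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const members = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
    return '{' + members.join(',') + '}';
  }
  return JSON.stringify(value); // strings, numbers, booleans, null
}

// Bytes that get signed: everything except the "signature" field itself
// (field name assumed; the issue does not specify one).
function signingPayload(bp) {
  const { signature, ...rest } = bp;
  return Buffer.from(canonicalize(rest), 'utf8');
}

function signBp(bp, privateKey) {
  const sig = crypto.sign('sha256', signingPayload(bp), privateKey);
  return { ...bp, signature: sig.toString('base64') };
}

// trustedPublicKey must come from outside the web server (for example the
// producer key registered on-chain), never from the fetched file itself.
function verifyBp(bp, trustedPublicKey) {
  if (bp === null || typeof bp !== 'object' || typeof bp.signature !== 'string') return false;
  try {
    const sig = Buffer.from(bp.signature, 'base64');
    return crypto.verify('sha256', signingPayload(bp), trustedPublicKey, sig);
  } catch {
    return false; // malformed signature or key
  }
}

// Constructed sample: throwaway key pair and illustrative field values.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
const sample = {
  producer_account_name: 'exampleprod1',
  org: { candidate_name: 'Example BP', website: 'https://bp.example' },
  nodes: [{ node_type: 'producer' }],
};
const signed = signBp(sample, privateKey);
console.log('verifies with trusted key:', verifyBp(signed, publicKey));
```

Because verification re-canonicalizes the document, a server may reorder keys or re-indent the file without invalidating the signature, while any change to a value does.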

@lukestokes

Since the bp.json is served from a block producer's own website which is signed via SSL, is a signature really needed?

@igorls
Member

igorls commented Sep 19, 2020

We are considering adding an optional signature field (this would require some specification on how to sign it). @lukestokes @systemzax, do you guys believe this is still an issue? Although updating the bp.json on-chain is possible, there are some use cases where it is not as practical as the web version.

My main worry is about possible vulnerabilities on servers hosting the website (which are usually less secure than other infra); adding the signature would definitely protect against takeovers.

@igorls closed this as completed May 25, 2022