Report any non-app signatures.

Before, veridex only reported signatures that were defined in the CSV file. This CL still preserves the same use case by default, but also allows reporting any other signatures as "invalid" if they are not defined in the --dex-files.

Test: manual
Change-Id: I10753d05bf9f418d2c8543be16cdfb335be9044c
8 files changed