[openpgp] OpenPGP (XEP-0373) plugin doesn't verify signature
Plugin decryption routine doesn't check fingerprint output of verify routine. Therefore, any public key in gpg keychain is ultimately trusted as authenticated author of message (due to
always_trust in PGPContext wrapper).
Fingerprint is saved to message attribute which is available in tooltip popping up on mouse hover at green keylock icon, but it's next to nothing.