Code review comment for lp:~apw/launchpad/signing-gpg-sign-checksum-files

Ok. Following some discussion on IRC we decided that the signing object should only sign things in the archive root. To do this we now delay hashing and signing of the custom upload till after it has been extracted and moved into place. This lets us enforce the signing location.

Pushed up a new version which includes the above changes and should also should address the other formatting issues identified.