Comment 18 for bug 1503979

OK, that makes sense. Sorry, I did not see that from the bug report and did not remember apt.utils existing.

To ignore the signature, we need to open the InRelease file using apt_pkg.open_maybe_clear_signed_file() and pass the returned file descriptor to the TagFile, AFAICT.