http signatures: derive actor from key IDs
The overwhelming majority of observed HTTP signatures on pleroma.site are of the format actor_id <> "#main-key"
. Accordingly, we can derive the key ID in almost all cases. The edge case where this is not true (Hubzilla) returns the actor when the key ID URI is fetched.
I think it is reasonable to take the refetch performance hit on Hubzilla traffic, because we can work with Hubzilla to fix their key IDs to be something cacheable.
This is part 2 for secure-mode interoperability. It can be applied independently of part 1. It allows GETs to be validated.