Detect and warn about when recommended headers are present but not signed

[skomski]

The DKIM RFC6376 (https://datatracker.ietf.org/doc/html/rfc6376#section-5.4.1) mentions recommended headers that if present should be signed. It would be great if dkim_verifier could warn about present unsigned recommended headers. For example Subject or Reply-To should be definitely signed.

[lieser]

Thanks for the suggestion. Its similar to what I plan to do in #102. Will also look at the recommended signed headers if I look into it.

[lieser]

I added support for this, you could try the attached version:
dkim_verifier@pl-0a7d587.zip

Note that this can be configured in the policy options. Would be nice to get feedback on how common warnings in the recommended mode are. I have a few bigger senders that don't sign all headers the RFC recommends, so a little hesitant to make that the default.
The current default relaxed mode only warns about the subject not being signed (from was already an error, as this is a strict requirement in the RFC).