Define criteria for signature inclusion in database

[lberrymage]

To my knowledge, there aren't any specific criteria for including an app signature in the AppVerifier database. This poses a few problems, namely:

1. Users don't know what it means for an app signature to be included in the database (and so may not trust it)
2. The database could grow to an unmanageable size without moderation

Because entries are relatively small, I don't think (2) is a significant issue for now. But in my opinion, (1) is certainly worth addressing so that users know what guarantees they have when they see an app included in the database.

Specifically, I suggest formalizing and documenting the process followed to determine whether a proposed entry should be included in the database, including a process to verify its legitimacy.

[soupslurpr]

That sounds like a good idea