package: consistently handle --allow-untrusted for all signature rejection cases

This makes apk accept packages in all cases where a signature rejection occurs if the user specifies --allow-untrusted.