Move responsibility for verifying leaf signatures

Moved from LeafRequestFromHTTP to the addLeaf handler.

LeafRequestFromHTTP still processes and validates the sigsum-token: header, but otherwise, it just parses the message and populates the req struct.

Also change the AddLeaf method in the database layer to accept a types.Leaf rather than a requests.AddLeaf, to make it clear that it isn't expected to verify the signature (it can't, because now it gets only the key hash, not the actual public key).