Move responsibility for verifying leaf signatures
Moved from LeafRequestFromHTTP to the addLeaf handler.
LeafRequestFromHTTP still processes and validates the sigsum-token: header, but otherwise, it just parses the message and populates the req struct.
Also change the AddLeaf method in the database layer to accept a types.Leaf rather than a requests.AddLeaf, to make it clear that it isn't expected to verify the signature (it can't, because now it gets only the key hash, not the actual public key).