`feedFrom(array<Block>)` by default ignores signature verification

[telamon]

picofeed/index.js

Line 495 in feaf8e2

this._index(false, sigKeyMap)

This should be an option feedFrom(source, noVerify=false)

Scenarios where signature verification should be bypassed is when loading feeds from a trusted location
like a blockstore where only the previously verified blocks are stored.

But in all normal scenarios this would be major pitfall, signatures should always be verified whenever a new
feed is instanced.

[telamon]

Something got borked when we started including public keys of authors into blocks.
Before we used the presence of a key in Feed.keys to track the the verified status of a block.

Just a memo to myself;
As a user i don't want to accidentally read unverified data, all instances of Feed are always verified.
As a block-store i don't want to re-verify previously persisted blocks in a trusted store, i need to bypass verification in feedFrom()