Central store should allow signatures for more than one project

A group has a central signature store for multiple projects, then contributors could be ok for all of them and sign a single CLA. So separating signatures into per-project directories may be complicated. Allow for an optional catch-all signature store as well.

The signature store's directory structure could have

• project id1 <- signatures only for project id1
• project id2 <- signatures only for project id2
• ...
• project id* <- signatures for any project that points to this store, a group rule

The bot would then need to differentiate different access tokens for the projects. This will require a mapping of project -> token or a way of passing the token id via the payload of the webhook?