findInvalidatedSignatures

Determines whether any signatures in a package have been invalidated by content modifications.

Compares reference digests against current entry content. Signatures become invalid when the signed entries are modified after signing.