test_duplicate_keys_root should add duplicate signatures too

[jku]

the test_duplicate_keys_root test is pretty good:

• it adds duplicate keyids (and one matching key) to snapshot role and signs the new root
• test expects client refresh to fail This can happen for two reasons
  • either the client does not accept the new root because of duplicate keyids (Add test for duplicate keyids #108)
  • or client does accept new root but snapshot does not meet threshold

The one thing I'd like to add is that snapshot metadata should contain duplicate signatures: the same keyid/signature pair multiple times.

Implementing this requires the RepositorySimulator refactor "explicit signing #155 since we need to manually tweak the signatures .