upas/dkim: allow custom headers to be signed

The list of headers someone wants to sign is larger that the default
list used by upas/dkim.  For example, many servers add 'cc',
'reply-to', 'sender' and 'mime-version', the top of the recommended
list[1].

In addition to this, there are times when you want to sign
specific headers on some messages. For example, Google
signs tls-report-submitter and tls-report-domain with smpt-tls-reporting
messages.

[1]: https://dkim.org/specs/rfc4871-dkimbase.html#choosing-header-fields
---
diff 2c6484d1804bd719ae89b9ee36e90b61dd9f6fbb 742fd9b6fa574793f709fa69b791196438ad1ee8
--- a/sys/man/1/filter
+++ b/sys/man/1/filter
@@ -204,6 +204,11 @@
 flag specifies the selector. If the selector is not
 specified, it defaults to
 .IR dkim .
+.I -h
+flag specifies a list of headers to sign. If this flag is not
+specified, it defaults to
+.IR from:,to:,subject:,date:,message-id:
+.
 The keyspec searched for the signing key is:
 .IP
 .EX
--- a/sys/src/cmd/upas/dkim/dkim.c
+++ b/sys/src/cmd/upas/dkim/dkim.c
@@ -6,7 +6,7 @@
 #include <authsrv.h>
 #include <pool.h>
 
-char *signhdr[] = {
+char *defsignhdr[] = {
 	"from:",
 	"to:",
 	"subject:",
@@ -14,6 +14,8 @@
 	"message-id:",
 	nil
 };
+char **signhdr = defsignhdr;
+char *usersignhdr[20];
 
 char *keyspec;
 char *domain;
@@ -93,7 +95,7 @@
 void
 usage(void)
 {
-	fprint(2, "usage: %s [-s sel] -d dom\n", argv0);
+	fprint(2, "usage: %s [-s sel] [-h headers] -d dom\n", argv0);
 	exits("usage");
 }
 
@@ -109,6 +111,10 @@
 	ARGBEGIN{
 	case 'd':
 		domain = EARGF(usage());
+		break;
+	case 'h':
+		usersignhdr[getfields(EARGF(usage()), usersignhdr, nelem(usersignhdr)-1, 1, ",")] = nil;
+		signhdr = usersignhdr;
 		break;
 	case 's':
 		selector = EARGF(usage());