Introduce client-side realization trust

[zombiezen]

The store API should check in with the client to determine whether it will accept realizations it has already stored. This gives the client the ability to control which parts of the build can be reused.

The client still needs to verify the paths it uses from a store to protect against a malicious store, but this allows a trustworthy store to build store paths to satisfy a client's trust requirements.