prepareVerifiedImport built a Package struct from the manifest before
checking its signature at all: readManifestAndCreatePackage decoded
and used manifest.v1 first, and verifyManifestSignatureAndGetSigner
only checked the signature afterward against a separate fresh read.
Untrusted content got parsed (and used to populate package metadata)
regardless of whether it was ever validly signed.
Signature verification now runs first; createPackageFromManifest
decodes directly from the verified bytes instead of reading the file
again. A malformed manifest with no valid signature is now rejected
as SignatureInvalid rather than leaking InvalidInput from decoding
untrusted bytes before the signature was ever checked.