multiple rekor keys should be allowed

There's currently a safety check for exactly one rekor key in sigstore-python: this is incorrect as logs will be retired (after which they'll remain valid verification logs) and once sigstore/rekor-tiles is integrated, we  will actually have two active logs in staging/prod that clients can choose from for a while.
