fedmsg-0.18.2-1.fc24

Fix validation logic in the base consumer

The base consumer is intended to only derive its validation switch from the
on-disk configuration if the child class doesn’t override the
validate_signatures switch.

There was a bug here where the default value provided in the base class made it
appear as if *all* child consumers had turned *off* validation, which is
incorrect.

This fix turns on signature validation by default while preserving the ability
of child consumers to override the on-disk configuration in special cases.

- Fixes: CVE-2017-1000001
- Reviewed-by: Patrick Uiterwijk
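As an added illustration (not fedmsg's own code), a simplified model of the switch-resolution logic the message describes: a base class whose default is a concrete False is indistinguishable from a child that opted out, so the on-disk setting is never consulted, whereas an "unset" sentinel lets the configuration apply and defaults to validation on. The class-attribute and config-dict mechanics here are assumptions for illustration.

```python
"""Constructed model of the validate_signatures switch bug; not fedmsg code."""

_UNSET = object()  # sentinel: "the child class did not override the switch"


class BuggyConsumer:
    """Before the fix: the base default False looks like a deliberate child
    override, so the on-disk setting is ignored and validation is silently off."""
    validate_signatures = False

    def __init__(self, config):
        if self.validate_signatures is not None:
            # Always taken, because the base default is False rather than None.
            self.validate = bool(self.validate_signatures)
        else:
            self.validate = bool(config.get("validate_signatures", True))


class FixedConsumer:
    """After the fix: the base leaves the switch unset, so only a child that
    actually assigns it overrides the configuration, and the fallback is ON."""
    validate_signatures = _UNSET

    def __init__(self, config):
        if self.validate_signatures is _UNSET:
            self.validate = bool(config.get("validate_signatures", True))
        else:
            self.validate = bool(self.validate_signatures)


def resolve(base, config, override=_UNSET):
    """Build a child consumer of `base` (optionally overriding the class
    switch) against `config` and return whether it validates signatures."""
    attrs = {} if override is _UNSET else {"validate_signatures": override}
    child_cls = type("ChildConsumer", (base,), attrs)
    return child_cls(config).validate


if __name__ == "__main__":
    cfg = {"validate_signatures": True}  # constructed on-disk configuration
    print("buggy, config says on :", resolve(BuggyConsumer, cfg))  # False
    print("fixed, config says on :", resolve(FixedConsumer, cfg))  # True
    print("fixed, child opts out :", resolve(FixedConsumer, cfg, override=False))
```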
