rpm-md downgrade protection #1219

Open
cgwalters opened this issue Jan 19, 2018 · 1 comment

Comments

@cgwalters
Member

cgwalters commented Jan 19, 2018

See #1079 (comment) which is for the server side of this:

While I've certainly pitched this as a feature, I think
we really want something like --force-older-timestamp - basically
error out if the timestamps on one or more input repos were older.

Also related is ye olde is my system-up-to-date 🆕?.

Basically I think we need to do rpmmd-repo pinning by timestamps. I think things are mostly OK today if one fetches the rpmmd over https:// and doesn't do rpm-ostree cleanup -m. (But that remains to be determined)

Fixing the second problem means that we should reject (or ignore) repos with older timestamps for layered packages? And actually implementing this means that we may need to change to "repo pin" layered packages by default. That has interesting UI implications.

@cgwalters
Member Author

Or a different approach I was thinking here is to just do timestamp checking for the repos vs the final commit that we already write. That would be highly symmetric with the libostree side.
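
An added sketch of the client-side check discussed in this thread (not rpm-ostree code): take the newest `<timestamp>` from each repo's `repomd.xml` and refuse any repo that is older than the value accepted previously. The `pinned` mapping, the function names and the sample documents are assumptions made for illustration; the reference value could just as well be the timestamp of the commit already written.

```python
import xml.etree.ElementTree as ET

NS = {"repo": "http://linux.duke.edu/metadata/repo"}  # repomd.xml namespace

class RepoRollback(Exception):
    """Fetched rpm-md metadata is older than what was accepted before."""

def repomd_timestamp(repomd_xml: str) -> int:
    """Newest <timestamp> among the <data> entries of a repomd.xml."""
    root = ET.fromstring(repomd_xml)
    # Some generators write fractional seconds, so parse as float first.
    stamps = [int(float(t.text))
              for t in root.findall("repo:data/repo:timestamp", NS) if t.text]
    if not stamps:
        raise ValueError("repomd.xml has no <data>/<timestamp>")  # fail closed
    return max(stamps)

def check_repos(pinned: dict, fetched: dict) -> dict:
    """Return updated pins, or raise RepoRollback if any repo went backwards.

    pinned:  repo id -> timestamp accepted last time (hypothetical local state)
    fetched: repo id -> repomd.xml text just downloaded
    """
    new_pins, stale = {}, []
    for repo_id, xml_text in fetched.items():
        ts = repomd_timestamp(xml_text)
        floor = pinned.get(repo_id, 0)  # a repo seen for the first time has no floor
        if ts < floor:
            stale.append(f"{repo_id}: {ts} < pinned {floor}")
        new_pins[repo_id] = max(ts, floor)
    if stale:
        raise RepoRollback("; ".join(stale))  # nothing is re-pinned on failure
    return new_pins

# Constructed sample metadata, reduced to the elements the check reads.
def _repomd(*stamps):
    data = "".join(f'<data type="t{i}"><timestamp>{s}</timestamp></data>'
                   for i, s in enumerate(stamps))
    return f'<repomd xmlns="http://linux.duke.edu/metadata/repo">{data}</repomd>'

SAMPLE_NEW = _repomd(1516320000, "1516323600.25")
SAMPLE_OLD = _repomd(1500000000)
```

The check only has the intended effect if the pinned values survive metadata cache cleanup and are stored where the fetched metadata cannot overwrite them.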
