Add the package validation state before adding the signature records (#349)

Fix NuGet/Engineering#1186

Author: joelverhagen

src/Validation.PackageSigning.ExtractAndValidateSignature/SignatureValidator.cs

@@ -202,11 +202,13 @@ private async Task<SignatureValidatorResult> HandleSignedPackageAsync(
                     new ClientSigningVerificationFailure(ex.Code.ToString(), ex.Message));
             }
 
+            // Mark this package as signed. This needs to happen before the extraction due to a foreign key constraint.
+            var result = await AcceptAsync(packageKey, message, PackageSigningStatus.Valid);
+
             // Extract all of the signature artifacts and persist them.
             await _signaturePartsExtractor.ExtractAsync(packageKey, signedPackageReader, cancellationToken);
 
-            // Mark this package as signed.
-            return await AcceptAsync(packageKey, message, PackageSigningStatus.Valid);
+            return result;
         }
 
         private async Task<SignatureValidatorResult> GetVerifyResult(