It would be nice for strip-nondeterminism to ignore signed JARs (but
print a warning), since its modifications will break the signature.
According to the jarsigner(1) man page, a signed JAR will have .DSA
and .SF files in the META-INF, so we can look for those.
An example of a signed JAR can be found in
Reproducible-builds mailing list