See the mailing list discussion for the context where this issue was dissected (thank you, Ingo Klöcker). When using gpgme_op_keylist_from_data_start(), signature information is not included in the key list even if explicitly requested. It seems that GnuPG is not invoked with --with-sig-check.
I'm filing this issue so that it doesn't get lost. This is a roadbump to my attempt to write a sig2dot-like program in C which plots the web of trust. I'll make a $50 USD donation to the GnuPG Project if it is fixed, or perhaps to the independent contributor who crafts a fix on request.