Running nuget trusted-signers list
showed I had one trusted signer by the name of "NuGet Test Developer".
This was present in %appdata%\NuGet\NuGet.Config
under the <trustedSigners>
node.
Commenting out the entire <trustedSigners>
node allowed restore to complete successfully.
It may also be possible to use nuget trusted-signers Add -Name nuget.org
to explicitly trust packages from nuget.org, but in my case I don't believe I need the "NuGet Test Developer" signator.
It may also be possible to use nuget config -set signatureValidationMode=accept
to disable signature validation altogether.
I found this article useful for learning more about NuGet package signing.