Signing Helm packages

[didierofrivia]

Part of the work needed for Kuadrant/helm-charts#18

This PR introduces the GPG signing of Helm chart packages upon creation. It also uploads its provenance file to the GH release page.

The job now requires to be passed an environment variable GPG_KEYRING_BASE64 which represents the GPG keyring base64 encoded, in order to be stored as a GH action variable.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 61.54%. Comparing base (a92b462) to head (3c12338).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #238   +/-   ##
=======================================
  Coverage   61.54%   61.54%           
=======================================
  Files           2        2           
  Lines         788      788           
=======================================
  Hits          485      485           
  Misses        251      251           
  Partials       52       52           

Flag	Coverage Δ
unit	61.54% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[guicassolato]

At a glance, this LGTM. I haven't tried it myself but all in all I trust it works as expected.

Leaving a couple of questions below just for clarity. Feel free to ignore if they are stupid questions of mine.