Signing Helm packages

[didierofrivia]

Part of the work needed for Kuadrant/helm-charts#18

This PR introduces the GPG signing of Helm chart packages upon creation. It also uploads its provenance file to the GH release page.

The job now requires to be passed an environment variable GPG_KEYRING_BASE64 which represents the GPG keyring base64 encoded, in order to be stored as a GH action variable.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.47%. Comparing base (92de465) to head (8abbb03).
Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #175      +/-   ##
==========================================
- Coverage   84.04%   82.47%   -1.58%     
==========================================
  Files          18       18              
  Lines        1210     1210              
==========================================
- Hits         1017      998      -19     
- Misses        147      160      +13     
- Partials       46       52       +6     

Flag	Coverage Δ
integration	76.03% <ø> (-2.40%)	⬇️
unit	64.23% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
api/v1alpha1 (u)	100.00% <ø> (ø)
pkg/helpers (u)	83.78% <ø> (ø)
pkg/log (u)	93.18% <ø> (ø)
pkg/reconcilers (u)	73.26% <ø> (ø)
pkg/limitador (u)	97.65% <ø> (ø)
controllers (i)	71.24% <ø> (-4.84%)	⬇️
pkg/upgrades	∅ <ø> (∅)

see 2 files with indirect coverage changes