Update openssl pgp keys and versions

[yosifkit]

The update job is currently failing because OpenSSL changed their signing keys. From https://openssl-library.org/source, it seems like it'll be this single key going forward, but I left the list in the templates in case that changes.

+ gpg --batch --verify /usr/local/src/openssl-3.1.7.tar.gz.asc /usr/local/src/openssl-3.1.7.tar.gz
gpg: Signature made Tue Sep  3 12:57:57 2024 UTC
gpg:                using RSA key BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
gpg: Can't check signature: No public key

...

+ gpg --batch --verify /usr/local/src/openssl-3.3.2.tar.gz.asc /usr/local/src/openssl-3.3.2.tar.gz
gpg: Signature made Tue Sep  3 12:46:51 2024 UTC
gpg:                using RSA key BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
gpg: Can't check signature: No public key

PGP keys for the signatures of old releases are available from the OTC page and can also be signed with a key with the fingerprint: EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5.

The current releases are signed by the OpenSSL key with fingerprint BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF.

- https://openssl-library.org/source/

>=3.1.7 >=3.3.2 and probably >=3.0.15, >=3.2.3, and >=3.4.0-alpha1 are signed with the new key.

[tianon]

I left the list in the templates in case that changes.

You did? 😅 (I'm not seeing that, but I'm also not strongly attached to it and if these build that's probably fine and we can adjust if they change again since they probably won't simply revert and if they change again it'll be a secret third thing)

[yosifkit]

Sorry, I meant that I left it as a list so that it is easy to add more keys again, but not keeping the old unused keys.

[tianon]

Since we only appear to use PGP_KEYSERVER for OpenSSL, perhaps we should just switch to the superior keys.openpgp.org service explicitly? 👀