publish hashes of signing keys

[grrrrr]

Checklist

• [X] I made sure that there are no existing issues - open or closed - which I could contribute my information to.
• [X] I have read the FAQ and my problem isn't listed.
• [X] I'm aware that this is a request for NewPipe itself and that requests for adding a new service need to be made at NewPipeExtractor.
• [X] I have taken the time to fill in all the required details. I understand that the feature request will be dismissed otherwise.
• [X] This issue contains only one feature request.
• [X] I have read and understood the contribution guidelines.

Feature description

On Android, you can use AppVerifier to confirm if an apk was signed by the owners or an untrusted key (as well as other methods). This can be combined with Obtanium to check at install time.

The hashes could be published in a number of places for additional trust. e.g

• blog post
• gpg signed download
  • mastodon / twitter /...
  • Github

Why do you want this feature?

Allows for an additional layer of certainty being able to easily check that the apk is legitimately signed

Additional information

tangentially related to #5469

[bats6931]

FWIW these are currently published in the homepage, under the "Get NewPipe" section: https://newpipe.net. Got my green AppVerifier checkmark :)