cbeust / jcommander

Command line parsing framework for Java
Apache License 2.0

Using secret GPG_PASSPHRASE for improved security #565

Closed mkarg closed 1 year ago

mkarg commented 1 year ago

Description

This PR improves the security of our publication process by utilizing passphrases for GPG private keys by the GitHub Action.

Usage

In the GitHub security configuration, add a new GPG_PASSPHRASE secret containing the passphrase of the secret key that you identified using the GPG_KEY_ID secret.

mkarg commented 1 year ago

@cbeust I think it is a good idea if we improve security a bit by utilizing passphrases for GPG secret keys. The change works fine in my fork with a passphrase, but as you have not yet set a passphrase in your fork, you need to create the new secret GPG_PASSPHRASE in your repo's security settings, as I assume that GitHub Actions will fail if a referenced secret ID does not actually exist.

mkarg commented 1 year ago

@cbeust Merged after a four-week review period. I am assuming you have no objections. Please update GPG_PASSPHRASE in your GitHub security settings.