odpi / egeria

Egeria core
https://egeria-project.org
Apache License 2.0

Switching signing of artefacts to LF id #6332

Open planetf1 opened 2 years ago

planetf1 commented 2 years ago

Currently I sign the release artefacts. This was needed in lieu of an LF process to perform this signing as part of a GitHub Action.

The LF have now completed the prep work to enable signing in a GitHub Action environment.

Opening issue to track the switch over to LF signing ids.

planetf1 commented 2 years ago

See https://jira.linuxfoundation.org/browse/RELENG-3387 (restricted)

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 20 days if no further activity occurs. Thank you for your contributions.

planetf1 commented 1 year ago

As a short-term fix, I suggest you may wish the pipelines to be signed by @mandy-chessell or @lpalashevski.

GitHub secrets are used to store - see https://egeria-project.org/guides/contributor/release-process/secrets/?h=secrets with secrets beginning OSSRH_GPG

Some useful docs on creating a GPG key can be found at https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key

GPG can be installed on macOS via Homebrew.

The long-term fix is to work with the LF on migrating to their new signing process, but this will take some refactoring of the pipelines.