[FEATURE] Submit GPG public key to the OpenTofu registry

[tthompson-figma]

We would like to migrate to OpenTofu with all providers' GPG signatures validated. However, OpenTofu skips validation for this provider because the OpenTofu registry does not have this provider's GPG key.

You can follow this link to submit it: Submit new Provider Signing Key

If you don't have access to the public key anymore, you can retrieve it from the Terraform registry:

curl 'https://registry.terraform.io/v1/providers/opensearch-project/opensearch/2.3.1/download/linux/amd64' | jq --raw-output '.signing_keys | .gpg_public_keys | .[0] | .ascii_armor'

Note: For security reasons, it has to be submitted by the provider author for the OpenTofu registry to accept it.

Alternatives considered Out-of-band GPG validation for providers missing keys in the OpenTofu registry. This is a pain :)

Additional context OpenTofu is a fork of Terraform that is open-source, community-driven, and managed by the Linux Foundation. Hashicorp https://github.com/opentofu/roadmap/issues/24#issuecomment-1699535216 for the terraform provider registry to disallow usage with things other than terraform, so OpenTofu had to build its own registry.

Potential impact Allows OpenTofu users to use this provider with the same security guarantees they would using Terraform.

[prudhvigodithi]

[Triage] Thanks @tthompson-figma, I will take a stab at this issue. Similar related issue https://github.com/opensearch-project/terraform-provider-opensearch/issues/208. Adding @peterzhuamazon