pulp / pulp_rpm

RPM support for Pulp Platform
https://docs.pulpproject.org/pulp_rpm/
GNU General Public License v2.0

General Package signing #3637

Open pedro-psb opened 1 week ago

pedro-psb commented 1 week ago

Is your feature request related to a problem? Please describe.

Copying from https://github.com/pulp/pulp_rpm/issues/2986, which focused on upload-time signing:

[praiskup] I'm afraid there will be a need for after-upload (re)signing, at least from time to time. We did a mass resign before, and resigning is quite common for Koji. Also, for example there's a Copr related problem with rpm && "prolonged" signing keys (we have to solve this somehow, and we are not quite sure what to do right now, re-signing is one of the options)

We also have a script for re-signing (https://github.com/pulp/pulp_rpm/issues/2986#issuecomment-1933576043)

[bersace] We would like to resign package from remote as well as after upload. We may also want to resign because we updated the signing key. (https://github.com/pulp/pulp_rpm/issues/2986#issuecomment-2051657988)

Describe the solution you'd like

Be able to sign RPM packages after they are already in Pulp.

Describe alternatives you've considered

Ask people to get an RPM from Pulp and do an on-upload signature (inefficient).

Additional context

Some context and useful discussion can be found in #2986

General notes: