Checksum-dependency: implement PGP verification

Here's what I have for vlsi-release-plugins itself for now:

25 keys:
379ce192d401ab61 com.diffplug.durian
379ce192d401ab61 com.diffplug.spotless
59a252fb1199d873 com.google.code.findbugs
7a01b0f236e5430f com.google.code.gson
bf935c771a8474f8 com.google.errorprone
abe9f3126bb741c1 com.google.guava
29579f18fa8fd93b com.google.j2objc
7eb97d110dfadd60 com.googlecode.concurrent-trees
72475fd306b9cab7 com.googlecode.javaewah
a50569c7ca7fa1f0 com.jcraft
602ec18d20c4661c com.thoughtworks.xstream
86fdc7e2a11262cb commons-codec
a41f13c999945293 commons-logging
6449005f96bc97a3 de.undercouch
7c25280eae63ebe5 org.apache.httpcomponents
873a8e86b4372146 org.apache.maven
b16698a4adf4d638 org.checkerframework
41321490758aad6f org.codehaus.groovy
6525fd70cc303655 org.codehaus.mojo
5b05ccde140c2876 org.eclipse.jgit
bcf4173966770193 org.jetbrains
379ce192d401ab61 org.jetbrains.intellij.deps
98fe03a974ce0a0b org.jetbrains.kotlin
379ce192d401ab61 org.jetbrains.kotlinx
2c7b12f2a511e325 org.slf4j

Resolved 49 of 57 signatures

Missing 8 signatures:
  com.diffplug.spotless:spotless-plugin-gradle:3.23.0@jar.asc
  com.github.ben-manes:gradle-versions-plugin:0.21.0@jar.asc
  com.gradle.publish:plugin-publish-plugin:0.10.1@jar.asc
  gradle.plugin.org.jetbrains.gradle.plugin.idea-ext:gradle-idea-ext:0.5@jar.asc
  org.gradle.kotlin:plugins:1.2.9@jar.asc
  org.jetbrains.dokka:dokka-gradle-plugin:0.9.17@jar.asc
  xmlpull:xmlpull:1.1.3.1@jar.asc
  xpp3:xpp3_min:1.1.4c@jar.asc

Resolved 49 signatures:
  com.diffplug.durian:durian-collect:1.2.0@jar.asc
  com.diffplug.durian:durian-core:1.2.0@jar.asc
  com.diffplug.durian:durian-io:1.2.0@jar.asc
  com.diffplug.spotless:spotless-lib-extra:1.23.0@jar.asc
  com.diffplug.spotless:spotless-lib:1.23.0@jar.asc
  com.google.code.findbugs:jsr305:3.0.2@jar.asc
  com.google.code.gson:gson:2.8.5@jar.asc
  com.google.errorprone:error_prone_annotations:2.1.3@jar.asc
  com.google.guava:guava:25.1-jre@jar.asc
  com.google.j2objc:j2objc-annotations:1.1@jar.asc
  com.googlecode.concurrent-trees:concurrent-trees:2.6.1@jar.asc
  com.googlecode.javaewah:JavaEWAH:1.1.6@jar.asc
  com.jcraft:jsch:0.1.54@jar.asc
  com.thoughtworks.xstream:xstream:1.4.10@jar.asc
  commons-codec:commons-codec:1.9@jar.asc
  commons-logging:commons-logging:1.2@jar.asc
  de.undercouch:gradle-download-task:3.4.3@jar.asc
  org.apache.httpcomponents:httpclient:4.5.3@jar.asc
  org.apache.httpcomponents:httpcore:4.4.6@jar.asc
  org.apache.maven:maven-model:3.0.4@jar.asc
  org.checkerframework:checker-qual:2.0.0@jar.asc
  org.codehaus.groovy:groovy-xml:2.4.7@jar.asc
  org.codehaus.groovy:groovy:2.4.7@jar.asc
  org.codehaus.mojo:animal-sniffer-annotations:1.14@jar.asc
  org.eclipse.jgit:org.eclipse.jgit:4.9.0.201710071750-r@jar.asc
  org.jetbrains.intellij.deps:trove4j:1.0.20181211@jar.asc
  org.jetbrains.kotlin:kotlin-android-extensions:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-annotation-processing-gradle:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-build-common:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-compiler-embeddable:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-compiler-runner:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-daemon-client:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-gradle-plugin-api:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-gradle-plugin-model:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-gradle-plugin:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-reflect:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-sam-with-receiver:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-script-runtime:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-scripting-common:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-scripting-compiler-embeddable:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-scripting-compiler-impl-embeddable:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-scripting-jvm:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-stdlib-common:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-stdlib-jdk7:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.3.41@jar.asc
  org.jetbrains.kotlin:kotlin-stdlib:1.3.41@jar.asc
  org.jetbrains.kotlinx:kotlinx-coroutines-core:1.1.1@jar.asc
  org.jetbrains:annotations:13.0@jar.asc
  org.slf4j:slf4j-api:1.7.2@jar.asc

vlsi / vlsi-release-plugins

Checksum-dependency: implement PGP verification #9