artifact signing

[gavincabbage]

This PR adds a key input for use with GoReleaser's signing feature. The README and Action configuration are also updated accordingly.

When signing is enabled in the GoReleaser configuration, the key input can be populated with a gpg private key block which will be imported before running GoReleaser. The GoReleaser signs.args section should be modified to reference the key, e.g.

signs:
  - artifacts: checksum
    args: ["--batch", "-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]

This is currently only compatible when using the default gpg command and a private key without a passphrase. Also, only a single public key is supported.

I'm new to TypeScript and also haven't used GPG in a few years so feedback is very welcome. This was the bare minimum to get signing working for a project of mine, but has a lot of caveats as described above.

Thanks for putting this together!

[crazy-max]

A little change but this is awesome! Thanks @gavincabbage!

[gavincabbage]

Got that fixed for you!

[crazy-max]

Thanks again 🙂