Please gpg sign release

[jonathancross]

I didn't see signature files with the latest downloads meaning that users are just trusting github.
Would be much better if devs signed binaries (and release tags) so users could have more confidence in the builds.

[welcome]

Thank you for submitting your first issue to this repository! A maintainer will be here shortly to triage and review.
In the meantime, please double-check that you have provided all the necessary information to make this process easy! Any information that can help save additional round trips is useful! We are triaging issues on weekly basis and aim to give initial feedback within a few business days. If this does not happen, feel free to leave a comment.
Please keep an eye on how this issue will be labeled, as labels give an overview of priorities, assignments and additional actions requested by the maintainers:

• "Priority" labels will show how urgent this is for the team.
• "Status" labels will show if this is ready to be worked on, blocked, or in progress.
• "Need" labels will indicate if additional input or analysis is required.

Finally, remember to use https://discuss.ipfs.tech if you just need general support.

[lidel]

Marking as duplicate of #2867

Please see my note how current artifacts are built (fully on github CI, so you have to trust github anyway) and post your threat model, and ideas on what should be improved and why on that issue 🙏