Consider signing releases

[ottok]

Thanks for continued work on xclip and hopefully there will be a new release in 2025!

This project uses rich releases at https://github.com/astrand/xclip/releases. Could you please consider also offering signatures?

It is good practice in open source projects to publish cryptographic signatures alongside the tarball source releases, so that e.g. Linux distributions and other downstreams can use OpenPGP to verify the authenticity of the imported release.

This is not a hard requirement, just nice to have. Managing OpenPGP keys securely requires some effort. A good guide on the topic can be found at https://github.com/lfit/itpol/blob/master/protecting-code-integrity.md/