jcommander

Please document your gpg keys

Open yeikel opened this issue 1 year ago • 4 comments

We use Dependency Verification and currently there is no documentation stating which keys are safe.

Could you please document this?

For example, 1.81 was signed using dcba03381ef6c89096acd985ac5ec74981f9cda6

But 1.82 was signed using 22E44AC0622B91C3

Here are some examples of other projects documenting what key they use to sign their artifacts.

https://github.com/qos-ch/slf4j/blob/master/SECURITY.md#verifying-contents
https://square.github.io/okhttp/security/security/#verifying-artifacts
https://downloads.apache.org/logging/KEYS

yeikel, Aug 22 '22 22:08