
Releases should be signed

Open illume opened this issue 1 month ago • 0 comments

The check on the headlamp OpenSSF scorecard identifies that we are not signing releases.


Note: we have an issue for the helm chart needing to be signed opened here: https://github.com/headlamp-k8s/headlamp/issues/1989. Artifact Hub detects this issue for the helm chart as well, and shows a badge that we are not signing that release.

See:

Warn: release artifact headlamp-helm-0.22.0 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158136215
Warn: release artifact v0.24.0 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158066078
Warn: release artifact headlamp-helm-0.21.0 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153973748
Warn: release artifact v0.23.2 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153901782
Warn: release artifact v0.23.1 not signed: https://api.github.com/repos/headlamp-k8s/headlamp/releases/148654809
Warn: release artifact headlamp-helm-0.22.0 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158136215
Warn: release artifact v0.24.0 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/158066078
Warn: release artifact headlamp-helm-0.21.0 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153973748
Warn: release artifact v0.23.2 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/153901782
Warn: release artifact v0.23.1 does not have provenance: https://api.github.com/repos/headlamp-k8s/headlamp/releases/148654809

illume, Jun 27 '24 10:06
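The warnings quoted in the issue come from Scorecard's Signed-Releases check, which inspects the asset names attached to each GitHub release rather than the binaries themselves: a release counts as signed when it ships a detached signature file next to its artifacts, and as having provenance when it ships a SLSA attestation bundle. The following Python is an added example, not Scorecard's or Headlamp's own code, that reproduces that heuristic over a constructed release list so a maintainer can check a release locally before the scorecard runs. The suffix lists are an assumption about which file extensions the check recognises; the `v0.24.0` release mirrors the real finding above (only a tarball, no signature, no provenance), while `vEXAMPLE-signed` is a constructed release that would pass.

```python
"""Approximation of the OpenSSF Scorecard Signed-Releases heuristic.

Added example; not Scorecard's or Headlamp's code.  The suffix tuples below
are an assumption about what the check treats as a signature or a
provenance attestation.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Assumed: detached-signature file extensions the check looks for.
SIGNATURE_SUFFIXES = (".minisig", ".asc", ".sig", ".sign", ".sigstore", ".sigstore.json")
# Assumed: SLSA provenance bundle as produced by slsa-github-generator.
PROVENANCE_SUFFIXES = (".intoto.jsonl",)


@dataclass(frozen=True)
class ReleaseFinding:
    tag: str
    signed: bool
    has_provenance: bool


def classify_release(tag: str, asset_names: list[str]) -> ReleaseFinding:
    """Decide, from asset names only, whether a release is signed / attested."""
    names = [n.lower() for n in asset_names]
    signed = any(n.endswith(SIGNATURE_SUFFIXES) for n in names)
    has_provenance = any(n.endswith(PROVENANCE_SUFFIXES) for n in names)
    return ReleaseFinding(tag, signed, has_provenance)


def scorecard_warnings(releases_json: str) -> list[str]:
    """Emit Scorecard-style 'Warn:' lines for a GitHub releases API payload."""
    warnings: list[str] = []
    for rel in json.loads(releases_json):
        finding = classify_release(
            rel["tag_name"], [asset["name"] for asset in rel.get("assets", [])]
        )
        if not finding.signed:
            warnings.append(f"Warn: release artifact {finding.tag} not signed: {rel['url']}")
        if not finding.has_provenance:
            warnings.append(
                f"Warn: release artifact {finding.tag} does not have provenance: {rel['url']}"
            )
    return warnings


# Constructed sample payload in the shape of GET /repos/{owner}/{repo}/releases.
# v0.24.0 mirrors the issue's finding; vEXAMPLE-signed is a made-up passing release.
SAMPLE_RELEASES = json.dumps(
    [
        {
            "tag_name": "v0.24.0",
            "url": "https://api.github.com/repos/headlamp-k8s/headlamp/releases/158066078",
            "assets": [{"name": "Headlamp-0.24.0-linux-x64.tar.gz"}],
        },
        {
            "tag_name": "vEXAMPLE-signed",
            "url": "https://api.github.com/repos/EXAMPLE/EXAMPLE/releases/0",
            "assets": [
                {"name": "Headlamp-EXAMPLE-linux-x64.tar.gz"},
                {"name": "Headlamp-EXAMPLE-linux-x64.tar.gz.sig"},
                {"name": "multiple.intoto.jsonl"},
            ],
        },
    ]
)


if __name__ == "__main__":
    for line in scorecard_warnings(SAMPLE_RELEASES):
        print(line)
```

Because the check is name-based, adding a `.sig` that does not actually verify would silence the warning without improving supply-chain security; the signature files should come from the same release workflow that builds the artifacts (for example a cosign or slsa-github-generator step), and consumers should verify them against the publisher's identity rather than trust their presence.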