update install doc to clarify release tar.gz links

[bridgetkromhout]

@phillipgibson pointed out that the documentation at https://helm.sh/docs/intro/install/#from-the-binary-releases says "Download your desired version" with a link to a release page that will have both .tar.gz files and .tar.gz.asc files.

• Let's disambiguate this page in the docs so it's clear that people currently should manually download the tar.gz files from the Installation and Upgrading section, not from Assets
• Let's clarify why the links in the assets section use ascii armor and what, if necessary, people should do to interact with the .asc files directly.

[Timothy-Dement]

Hello @bridgetkromhout and @phillipgibson — I am looking at picking up this issue as a first-time contributor to Helm.

I'll open a WIP draft pull request soon, and will plan to have it complete by the end of the week.

I'll be following the contribution processes, but please feel free to correct or send along any additional information I may need — thank you!

[Timothy-Dement]

I will do some poking around and reading, but not sure I could answer this specifically without input from maintainers:

why the links in the assets section use ascii armor

[bacongobbler]

Releases are signed as part of the release process. Users can then verify the attestation of those packages by importing Helm's KEYS file into their own keyring. The .asc files are the ascii-armored public keys used to verify the packages.

[Timothy-Dement]

Thank you @bacongobbler — that gives me all the info I need!