`skip export` should warn that it's not signing its APK

Open dfabulich opened this issue 10 months ago • 0 comments

https://skip.tools/docs/deployment/#export-signing

Signing the Exported Android Artifacts

By default, the exported .build/skip-export/AppName-debug.apk file is signed with a single-use temporary signature, which means that you can install it on an Android emulator or simulator but future versions of the app cannot be upgraded without first manually removing the existing app.

The release APK at .build/skip-export/AppName.apk, on the other hand, is not signed at all by default. Signing the APK is something that you can manage manually however you want (such as by integrating signing into your app’s CI workflow), but the default Android/app/build.gradle.kts build file will look for the presence of keystore.properties and keystore.jks files in the Android/app/ folder.

Once these files are present, running skip export will automatically sign the release .apk file, which will enable you to distribute and run release builds of your app directly, without going through the Google Play Store.

I put my keystore file in the wrong directory, and so skip export silently ignored it.

skip export should log a warning if it generates an unsigned release APK.

I think it would also be helpful to have a --enforce-signature mode (perhaps enabled by default?) that will cause skip export to fail if it can't fully sign its outputs.

dfabulich, Feb 16 '25 20:02
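Until `skip export` warns on its own, a CI step can gate on the exported release APK. The following is an added example (not part of the issue and not Skip's code): it exits non-zero when the APK carries neither a v1 JAR signature file nor a v2+ APK Signing Block. It checks presence only, so `apksigner verify` is still needed for validity; the function names and the constructed sample APK are assumptions of this example.

```python
import io
import struct
import sys
import zipfile

SIG_BLOCK_MAGIC = b"APK Sig Block 42"   # trailer of the v2+ APK Signing Block
V1_SUFFIXES = (".RSA", ".DSA", ".EC")   # JAR (v1) signature block files

def _cd_offset(data) -> int:
    """Find the End of Central Directory record; return the central directory offset."""
    pos = data.rfind(b"PK\x05\x06")
    while pos != -1:  # accept only a record whose comment length reaches end of file
        if pos + 22 <= len(data) and pos + 22 + struct.unpack_from("<H", data, pos + 20)[0] == len(data):
            return struct.unpack_from("<I", data, pos + 16)[0]
        pos = data.rfind(b"PK\x05\x06", 0, pos)
    raise ValueError("not a ZIP/APK: no End of Central Directory record")

def signature_containers(data: bytes) -> set:
    """Report which signature containers are present (presence, not validity)."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith(V1_SUFFIXES):
                found.add("v1")
    cd = _cd_offset(data)
    if cd >= 16 and data[cd - 16:cd] == SIG_BLOCK_MAGIC:
        found.add("v2+")  # the signing block sits directly before the central directory
    return found

def make_constructed_apk(v1: bool = False, v2: bool = False) -> bytes:
    """Build a tiny constructed (not real) APK-shaped ZIP for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed")
        if v1:
            zf.writestr("META-INF/CERT.RSA", b"constructed")
    data = bytearray(buf.getvalue())
    if v2:  # splice an empty dummy signing block in front of the central directory
        cd = _cd_offset(data)
        block = struct.pack("<Q", 24) + struct.pack("<Q", 24) + SIG_BLOCK_MAGIC
        data[cd:cd] = block
        struct.pack_into("<I", data, len(data) - 22 + 16, cd + len(block))
    return bytes(data)

if __name__ == "__main__":  # e.g. python check_signed.py .build/skip-export/AppName.apk
    found = signature_containers(open(sys.argv[1], "rb").read())
    print("signature containers:", sorted(found) or "NONE (unsigned APK)")
    sys.exit(0 if found else 1)
```

Run it as the step right after `skip export`, so a keystore placed outside `Android/app/` fails the build instead of shipping an unsigned artifact.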