Add AllowedAPKSigningKeys to all reproducible build packages
Since F-Droid doesn't support checking signed git tags, this at least gives some end-to-end signature checking for the actual reproducibly built binaries, which is arguably even better.
Details in: https://twitter.com/EdgeSecurity/status/1646910566261473280
After this is merged, in order to keep this working, the linter should probably require a AllowedAPKSigningKeys: if a Binaries: or binary: is present, which is taken care of via fdroidserver!1343 (merged)
Edited by Jason Donenfeld