
Add AllowedAPKSigningKeys to all reproducible build packages

Jason Donenfeld requested to merge zx2c4/fdroiddata:sigcheck into master

Since F-Droid doesn't support checking signed git tags, this at least gives some end-to-end signature checking for the actual reproducibly built binaries, which is arguably even better.

Details in: https://twitter.com/EdgeSecurity/status/1646910566261473280

After this is merged, in order to keep this working, the linter should probably require an AllowedAPKSigningKeys: if a Binaries: or binary: is present, which is taken care of via fdroidserver!1343 (merged).

Edited by Jason Donenfeld
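
The lint rule described in the merge request above, sketched as an added example (not fdroidserver's own code and not the change in fdroidserver!1343). It assumes metadata already parsed into dicts, a hypothetical function name `lint_signing_keys`, and that each key is written as a 64-hex-digit SHA-256 certificate fingerprint; the sample apps are constructed.

```python
import re

# Assumption: a signing-key entry is the SHA-256 fingerprint of the APK
# signing certificate, written as 64 hex digits.
FINGERPRINT_RE = re.compile(r"^[0-9a-f]{64}$")

def _as_list(value):
    """The field may hold one string or a list of strings."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def lint_signing_keys(app_id, metadata):
    """Return lint warnings for one app's parsed metadata (a dict)."""
    warnings = []
    builds = metadata.get("Builds") or []
    # Upstream binaries are referenced app-wide (Binaries:) or per build (binary:).
    uses_binaries = bool(metadata.get("Binaries")) or any(
        b.get("binary") for b in builds
    )
    keys = _as_list(metadata.get("AllowedAPKSigningKeys"))

    if uses_binaries and not keys:
        warnings.append(
            f"{app_id}: Binaries:/binary: is set but AllowedAPKSigningKeys: is missing"
        )
    for key in keys:
        if not FINGERPRINT_RE.match(str(key).lower()):
            warnings.append(f"{app_id}: malformed AllowedAPKSigningKeys entry {key!r}")
    return warnings

# Constructed sample metadata, not taken from fdroiddata.
SAMPLES = {
    "org.example.pinned": {
        "Binaries": "https://example.org/app-%v.apk",
        "AllowedAPKSigningKeys": "ab" * 32,
    },
    "org.example.unpinned": {
        "Builds": [{"versionCode": 7, "binary": "https://example.org/app-7.apk"}],
    },
    "org.example.sourceonly": {"Builds": [{"versionCode": 3}]},
    "org.example.badkey": {
        "Binaries": "https://example.org/b-%v.apk",
        "AllowedAPKSigningKeys": ["deadbeef"],
    },
}
```

An app that references upstream binaries without a pinned key is reported, and so is a key that cannot be a certificate fingerprint; source-only apps pass untouched.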
