Add gpg package for helm provenance checks

Andrew Patterson requested to merge add-gpg-for-helm-provenance into master

What does this MR do and why?

Adds the gpg and gpg-agent packages to the gitlab-charts-build-base-helm container. These packages are needed to create helm provenance files.

Related

gitlab-org/charts/gitlab#4076 (closed)

Test plan

  • Local build

    docker build -f Dockerfile.gitlab-charts-build-base-helm-3.9 -t gitlab-charts-build-base-helm-3.9:local .
  • Verify gpg and gpg-agent are installed.

    docker run --rm gitlab-charts-build-base-helm-3.9:local gpg --version
    gpg (GnuPG) 2.4.3
    libgcrypt 1.10.2
    Copyright (C) 2023 g10 Code GmbH
    License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    Home: /root/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
  • Enter container

    docker run -it --rm gitlab-charts-build-base-helm-3.9:local bash
  • Create a gpg key

    $ cat >foo <<EOF
    %echo Generating a basic OpenPGP key
    Key-Type: DSA
    Key-Length: 1024
    Subkey-Type: ELG-E
    Subkey-Length: 1024
    Name-Real: Joe Tester
    Name-Comment: with stupid passphrase
    Name-Email: joe@foo.bar
    Expire-Date: 0
    Passphrase: abc
    # Do a commit here, so that we can later print "done" :-)
    %commit
    %echo done
    EOF
    $ gpg --batch --generate-key foo
    gpg: Generating a basic OpenPGP key
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: directory '/root/.gnupg/openpgp-revocs.d' created
    gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/3024F1F5F2D18834C63F426DCA3D10457DF8C6E1.rev'
    gpg: done
    $ gpg --list-secret-keys
    gpg: checking the trustdb
    gpg: marginals needed: 3  completes needed: 1  trust model: pgp
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    [keyboxd]
    ---------
    sec   dsa1024 2023-11-30 [SCA]
          3024F1F5F2D18834C63F426DCA3D10457DF8C6E1
    uid           [ultimate] Joe Tester (with stupid passphrase) <joe@foo.bar>
    ssb   elg1024 2023-11-30 [ER]
  • Sign file.

    gpg --output foo.sig --detach-sig foo
  • Verify signature

    gpg --verify foo.sig foo
    gpg: Signature made Thu Nov 30 18:07:12 2023 UTC
    gpg:                using DSA key 3024F1F5F2D18834C63F426DCA3D10457DF8C6E1
    gpg: Good signature from "Joe Tester (with stupid passphrase) <joe@foo.bar>" [ultimate]

Checklist

Edited by Andrew Patterson
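The test plan above exercises gpg on its own (key generation, detached signature, verify). The reason the packages are wanted, per the MR description, is Helm provenance: `helm package --sign` writes a clearsigned `.prov` file next to the chart `.tgz`, and `helm verify` checks both the OpenPGP signature over that file and the sha256 it records for the archive. The following is an added example, not code from this MR, the charts project or Helm: it implements the digest-binding half of that check in plain Python so the structure of a `.prov` file is visible, and hands the signature half to `gpg --verify` only if gpg is on PATH. The chart archive and the `.prov` text it builds are constructed samples (with a placeholder signature block), and the function names are this example's own.

```python
"""Check a Helm provenance (.prov) file against the chart archive it covers.

Added example, not code from this MR, the charts project or Helm itself.
`helm verify` does two things: checks the OpenPGP clearsign signature over
the .prov text, and checks that the sha256 recorded under `files:` matches
the chart .tgz. The digest check is implemented here in plain Python; the
signature check is delegated to `gpg --verify` when gpg is on PATH. The
chart archive and .prov built below are constructed samples.
"""
import hashlib
import hmac
import io
import re
import shutil
import subprocess
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, Optional

CLEARSIGN_HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_HEADER = "-----BEGIN PGP SIGNATURE-----"
SIG_FOOTER = "-----END PGP SIGNATURE-----"
# One entry of the `files:` mapping, e.g. "  mychart-0.1.0.tgz: sha256:<hex>"
FILE_LINE = re.compile(r"^\s+(\S+):\s*sha256:([0-9a-f]{64})\s*$", re.M)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signed_body(prov_text: str) -> str:
    """Return the clearsigned text: after the armor headers, before the signature."""
    if not prov_text.startswith(CLEARSIGN_HEADER):
        raise ValueError("not a clearsigned provenance file")
    # Clearsign layout: header line, optional "Hash:" lines, blank line, body.
    _, _, rest = prov_text.partition("\n\n")
    body, sep, _ = rest.partition(SIG_HEADER)
    if not sep:
        raise ValueError("signature block missing")
    return body


def recorded_digests(prov_text: str) -> Dict[str, str]:
    """Parse the `files:` mapping into {archive name: hex sha256}."""
    _, sep, files_block = signed_body(prov_text).partition("\nfiles:\n")
    if not sep:
        raise ValueError("files: section missing")
    return {m.group(1): m.group(2) for m in FILE_LINE.finditer(files_block)}


def archive_matches(prov_text: str, archive_name: str, archive_bytes: bytes) -> bool:
    """True iff the .prov lists archive_name with the sha256 of archive_bytes."""
    expected = recorded_digests(prov_text).get(archive_name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(archive_bytes), expected)


def signature_ok(prov_text: str) -> Optional[bool]:
    """Run `gpg --batch --verify` on the clearsigned text; None if gpg is absent."""
    if shutil.which("gpg") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        prov_path = Path(tmp) / "chart.prov"
        prov_path.write_text(prov_text)
        result = subprocess.run(["gpg", "--batch", "--verify", str(prov_path)],
                                capture_output=True)
    return result.returncode == 0


def make_chart_archive(name: str = "mychart", version: str = "0.1.0") -> bytes:
    """Build a minimal chart .tgz in memory (constructed sample, not a real chart)."""
    chart_yaml = f"apiVersion: v2\nname: {name}\nversion: {version}\n".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(f"{name}/Chart.yaml")
        info.size = len(chart_yaml)
        tar.addfile(info, io.BytesIO(chart_yaml))
    return buf.getvalue()


def make_prov(archive_name: str, archive_bytes: bytes) -> str:
    """Lay out a .prov as `helm package --sign` does: Chart.yaml, a `...` YAML
    separator, the files: mapping, all inside a clearsign envelope. The
    signature block is a placeholder, so only the digest check applies to it."""
    return (
        f"{CLEARSIGN_HEADER}\nHash: SHA512\n\n"
        "apiVersion: v2\nname: mychart\nversion: 0.1.0\n\n...\n"
        f"files:\n  {archive_name}: sha256:{sha256_hex(archive_bytes)}\n"
        f"{SIG_HEADER}\n\nPLACEHOLDER\n{SIG_FOOTER}\n"
    )


if __name__ == "__main__":
    tgz = make_chart_archive()
    prov = make_prov("mychart-0.1.0.tgz", tgz)
    print("digest matches archive:", archive_matches(prov, "mychart-0.1.0.tgz", tgz))
    print("digest matches tampered archive:",
          archive_matches(prov, "mychart-0.1.0.tgz", tgz + b"\x00"))
    print("gpg signature check:", signature_ok(prov))
```

Two caveats for using this inside the image. First, the digest check is only as strong as the signature over the `.prov` text, so a real verification must not skip the `gpg --verify` step or accept a key that is not already trusted in the verifying keyring. Second, Helm reads the signing key from a legacy-format keyring (`helm package --sign --key 'Joe Tester' --keyring ~/.gnupg/secring.gpg`), while GnuPG 2.1 and later, including the 2.4.3 shown in the test plan, stores keys in the keybox format, so the key generated above would first need exporting with `gpg --export-secret-keys >~/.gnupg/secring.gpg`; gpg-agent is what gpg 2.x uses for the private-key operation during that signing, which is why the MR installs it alongside gpg.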
