
Add SOURCE_DATE_EPOCH support for GPG signers#1542

Open
tonobo wants to merge 1 commit into aptly-dev:master from tonobo:reproducible-publish

Conversation

@tonobo
Contributor

@tonobo tonobo commented Mar 3, 2026

Both the external GPG signer (--faked-system-time) and internal Go OpenPGP signer (signerConfig.Time) now honor SOURCE_DATE_EPOCH, producing reproducible signatures alongside the plain Release file dates.

Adds system tests for both signer backends verifying byte-identical Release, Release.gpg and InRelease across repeated publishes.

The signer tests (PublishRepo3[78]Test) are using an ed25519 key because
ed25519 signatures are deterministic by design. The Go openpgp library
uses a random nonce for DSA/ECDSA (see signature.go Sign calls using
config.Random() link below) so those signatures vary across runs
even with a fixed timestamp, making byte-identical verification impossible.

In addition to 49f3428

Ref: #1537
Ref: https://github.com/ProtonMail/go-crypto/blob/v1.4.0/openpgp/packet/signature.go#L945-L979

Checklist

  • allow Maintainers to edit PR (rebase, run coverage, help with tests, ...)
  • unit-test added (if change is algorithm)
  • [x] functional test added/updated (if change is functional)
  • man page updated (if applicable)
  • bash completion updated (if applicable)
  • documentation updated
  • author name in AUTHORS
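As an added illustration (not code from this PR or from aptly), the following stand-alone Go program derives the signing time from SOURCE_DATE_EPOCH the way the description explains and shows why the tests need an ed25519 key: with Go's standard library, two ed25519 signatures over the same bytes are byte-identical, while two ECDSA signatures over the same bytes are not, fixed timestamp or not. The signingTime helper and the Release stub are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"os"
	"strconv"
	"time"
)

// Hypothetical helper modelled on the PR: SOURCE_DATE_EPOCH is integer seconds since the Unix epoch (UTC).
func signingTime(env string, now func() time.Time) (time.Time, error) {
	if env == "" {
		return now(), nil
	}
	secs, err := strconv.ParseInt(env, 10, 64)
	if err != nil || secs < 0 {
		return time.Time{}, fmt.Errorf("invalid SOURCE_DATE_EPOCH %q", env)
	}
	return time.Unix(secs, 0).UTC(), nil
}

// ed25519 is deterministic: two signatures over the same bytes are identical.
func ed25519Reproducible(priv ed25519.PrivateKey, payload []byte) bool {
	return bytes.Equal(ed25519.Sign(priv, payload), ed25519.Sign(priv, payload))
}

// Go's ECDSA draws a random nonce per signature, so two runs differ.
func ecdsaReproducible(priv *ecdsa.PrivateKey, payload []byte) bool {
	h := sha256.Sum256(payload)
	s1, _ := ecdsa.SignASN1(rand.Reader, priv, h[:])
	s2, _ := ecdsa.SignASN1(rand.Reader, priv, h[:])
	return bytes.Equal(s1, s2)
}

func main() {
	t, err := signingTime(os.Getenv("SOURCE_DATE_EPOCH"), time.Now)
	if err != nil { panic(err) }
	payload := []byte("Origin: example\nDate: " + t.Format(time.RFC1123) + "\n") // constructed Release stub
	_, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	ecPriv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	fmt.Println("ed25519 identical:", ed25519Reproducible(edPriv, payload))
	fmt.Println("ecdsa identical:  ", ecdsaReproducible(ecPriv, payload))
}
```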

@tonobo tonobo force-pushed the reproducible-publish branch from 417c962 to 6b746cc Compare March 3, 2026 20:13
@tonobo tonobo changed the title Add SOURCE_DATE_EPOCH support for GPG signers Draft: Add SOURCE_DATE_EPOCH support for GPG signers Mar 3, 2026
@tonobo tonobo force-pushed the reproducible-publish branch from 6b746cc to 1ddff41 Compare March 3, 2026 21:00
@tonobo
Contributor Author

tonobo commented Mar 3, 2026

@neolynx sorry for the inconvenience, I had to submit a follow-up. The original commit only works as long as the repository is not signed. I'm personally using the internal signer only, which causes issues on two fronts.

The fix itself is fairly simple, as you may have seen in the changes. However, aptly uses an outdated version of the PGP package, which isn't a problem on its own. The complication is that I'm importing aptly not as a prebuilt binary but as a cmd wrapper. There are various reasons for this (admittedly ugly) approach, but the downside, or upside depending on your perspective, is that we needed to align the go-crypto version with at least v1.4, where NonDeterministicSignaturesViaNotation was introduced.

Always fun 😄

@tonobo tonobo changed the title Draft: Add SOURCE_DATE_EPOCH support for GPG signers Add SOURCE_DATE_EPOCH support for GPG signers Mar 3, 2026
@codecov

codecov bot commented Mar 3, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.71%. Comparing base (1442651) to head (e95e9a6).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #1542      +/-   ##
==========================================
- Coverage   76.99%   76.71%   -0.29%     
==========================================
  Files         160      160              
  Lines       14778    14786       +8     
==========================================
- Hits        11379    11343      -36     
- Misses       2266     2316      +50     
+ Partials     1133     1127       -6     


@neolynx neolynx self-assigned this Apr 12, 2026
@neolynx neolynx requested a review from a team April 12, 2026 18:11
@neolynx neolynx force-pushed the reproducible-publish branch from 1ddff41 to 7f188a9 Compare April 12, 2026 18:28
@neolynx
Member

neolynx commented Apr 12, 2026

rebased on master...

had to rename tests.

@neolynx neolynx force-pushed the reproducible-publish branch from 7f188a9 to fe5afe4 Compare April 12, 2026 18:39
@neolynx neolynx force-pushed the reproducible-publish branch from fe5afe4 to e95e9a6 Compare April 12, 2026 20:40
@neolynx neolynx added the needs review Ready for review & merge label Apr 12, 2026