add public PGP key to installation as trusted key

[martinlippert]

We should add our public PGP key to the product as a trusted key, so that users don't get prompted to manually trust the key when they update existing installations.

An example for this is:
https://github.com/eclipse-platform/eclipse.platform.releng.aggregator/blob/73905d3ea1a8dbf42f17806ac0ccc41fec7df8d6/eclipse.platform.releng.tychoeclipsebuilder/eclipse.platform.repository/pom.xml#L299

[BoykoAlex]

@martinlippert don't think the example above accomplishes what we'd like to achieve... I've tried adding the code in the pom many times in different forms and it had no effect.

If we want to contribute a trusted key than I think it should be done via extension point like here #1089.

However, this still doesn't achieve the desired effect since there is laso Bouncy Castle key that users need to trust and then another one unnamed and then there are also Trusted Authorities for dist.springsource.com and downloads.springsource.com which is some Cloudflare thing which user is prompted to trust as well. I didn't figure out how to contribute authorities... maybe this is via jvm keytool...

In the preferences in the search box type "pgp" should show "Install/Update" -> "Trust" page where you could what are the trusted key and authorities.

Anyway, I don't think i see a solution that frees the user from dealing with the Trust prompt dialog yet... Don't think we are ready to fix this fully.

[martinlippert]

Let's contribute the public Spring key for the moment. We can add additional items here in the future and create separate issues for that.

[BoykoAlex]

PGP key contribution is added with 0b848aa