Generate a checksum file for release artifacts and sign it

**As:** a user 
**I want to:** ensure that downloaded binaries are those that are actually released by the Ystia team
**So that:** I can be confident in the downloaded binaries (security, integrity, ...)

**AC1:** Should generate a checksum file that contains checksum for each release artifact
**AC2:** Should sign the checksum file with a publicly verifiable gpg key 
