Release process: generate the expected OpenPGP signature verification output in a more deterministic way (refs: #16585)

Using --trusted-key avoids this warning:

  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.

… and makes our signing key trusted at the "ultimate" level.

So let's also s/ultimate/full/ to stick closer to what users should
get once they verify our key via the WoT and certify it locally.