Migrate Upgrader's UDF signature verification from GnuPG to Sequoia SOP
Implementations of the Stateless OpenPGP Command Line Interface RFC are now in Debian. As of October 2024 the relevant ones seem to be:
- sqopv (Rust)
- rsopv (Rust)
- gosop (Golang)
- sopv-gpgv (C + Python)
  - https://tracker.debian.org/pkg/sopv-gpgv
  - backed by gpgv so maybe not?
Such a simple, stateless implementation of OpenPGP signature verification feels more confidence-inspiring than our current implementation, which relies on communicating with gpg on the command line (abstracted away in the Perl GnuPG::Interface library, but still), which is hard to get right.
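As an added illustration of what the stateless interface looks like from the caller's side (this is example code, not code from Tails Upgrader or from any sop implementation): `sopv verify` takes the detached signature and the trusted certificate(s) as files, reads the signed data on stdin, exits non-zero when nothing verifies, and prints one VERIFICATIONS line per good signature. The line layout parsed below is assumed from the SOP draft, the `sopv` binary name is assumed to be on PATH, and the sample output is constructed.

```python
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Verification:
    when: datetime          # signature creation time (UTC)
    signing_fpr: str        # fingerprint of the (sub)key that made the signature
    primary_fpr: str        # fingerprint of that certificate's primary key
    mode: Optional[str]     # "binary" or "text" when the implementation reports it


def parse_verifications(output: str) -> list:
    """Parse VERIFICATIONS lines written to stdout by `sop verify`.

    Assumed layout (SOP draft): "<UTC timestamp> <signing fpr> <primary fpr>
    [mode:binary|mode:text] [free-form description]".
    """
    result = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed VERIFICATIONS line: {line!r}")
        when = datetime.strptime(fields[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        mode = fields[3][len("mode:"):] if len(fields) > 3 and fields[3].startswith("mode:") else None
        result.append(Verification(when, fields[1].upper(), fields[2].upper(), mode))
    return result


def verify_detached(data: bytes, sig_path: str, cert_paths: list, sop_binary: str = "sopv") -> list:
    """Run `sopv verify SIG CERT... < data`; raise unless at least one signature verifies.

    sop signals "no valid signature by these certificates" with a non-zero exit
    status, so the caller never has to interpret stderr or status-fd output.
    """
    proc = subprocess.run([sop_binary, "verify", sig_path, *cert_paths],
                          input=data, capture_output=True, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"{sop_binary} verify failed ({proc.returncode}): "
                           f"{proc.stderr.decode(errors='replace').strip()}")
    verifications = parse_verifications(proc.stdout.decode())
    if not verifications:
        raise RuntimeError("sop exited 0 but printed no VERIFICATIONS line")
    return verifications


# Constructed sample of what a sop implementation prints for one good signature.
SAMPLE_OUTPUT = ("2024-10-01T12:00:00Z 0123456789ABCDEF0123456789ABCDEF01234567 "
                 "FEDCBA9876543210FEDCBA9876543210FEDCBA98 mode:binary signed by constructed test key\n")
```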
Edited by intrigeri