The dedicated EdDSA signing key (AF245C506F4E4763, "punktfunk packages <packages@unom.io>")
whose private half is now the RPM_GPG_PRIVATE_KEY CI secret. Committing the public half so
clients can fetch it (raw URL) for gpgcheck=1. This push triggers a rpm.yml run that signs
0.2.0~ciN via packaging/rpm/sign-rpms.sh (no longer a no-op); the gpgcheck=1 flip follows once
that signed build is confirmed published.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
