bbf03df security: use gpgv to verify CHECKSUM signatures

Authored and Committed by tmz 2 years ago
    security: use gpgv to verify CHECKSUM signatures
    
    The `gpgv` command is designed to simply verify OpenPGP signatures.  It
    takes a keyring as an option and then any number of signed files and
    verifies the signatures based on the keys in the given keyring.
    
    Using `gpgv` allows the instructions to be simplified and avoids the
    following confusing output from the currently recommended method:
    
        gpg: WARNING: This key is not certified with a trusted signature!
        gpg:          There is no indication that the signature belongs to the owner.
    
    The `gpgv` command expects the --keyring argument to be an un-armored
    keyblock.  This means dropping the ascii-armor from fedora.gpg (which is
    more in line with the .gpg extension anyway).  For users who still wish
    to pull fedora.gpg and import it to their keyring, the un-armored
    keyblock works just as well.
    
    The updated instructions are:
    
        $ curl -O https://getfedora.org/static/fedora.gpg
        $ gpgv --keyring ./fedora.gpg *-CHECKSUM
    
    The output from gpgv is:
    
        $ gpgv --keyring ./fedora.gpg *-CHECKSUM
        gpgv: Signature made Fri 19 Mar 2021 10:10:28 AM EDT
        gpgv:                using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39
        gpgv: Good signature from "Fedora (34) <fedora-34-primary@fedoraproject.org>"
    
    Users no longer have to fiddle with marking the Fedora keys as trusted
    in gpg nor do we have to explain why the large "WARNING" from gpg is
    okay to ignore¹.
    
    ¹ https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/MPSGTW42RP4U75ZHUAHDMFIP6TTUW23Y/
    
    Signed-off-by: Todd Zullinger <tmz@pobox.com>
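The procedure the commit describes, carried through end to end as an added example (this is not code from the Fedora websites repository or from the commit author). It builds a throwaway GnuPG home, generates a stand-in release key, clear-signs a constructed CHECKSUM file the way the *-CHECKSUM files are signed, exports the public key ASCII-armored and dearmors it (gpgv's --keyring wants a binary keyblock, which is why the commit drops the armor from fedora.gpg), verifies with gpgv, shows that a tampered file is rejected, and only then runs sha256sum against the signed checksums. The key, user id, image and file names are constructed for the demo and are assumptions; the real files are signed by the Fedora release keys published in fedora.gpg. Requires gpg, gpgv and sha256sum on PATH.

```shell
#!/bin/sh
# Added example, not part of the Fedora websites repository: the gpgv workflow
# from the commit message run offline against a throwaway key.
# Key, user id, image and file names below are constructed for the demo.
set -eu

# gpg wrapper: unattended, empty passphrase, nothing interactive.
gpg_batch() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"
}

# setup_lab builds an isolated GNUPGHOME with a stand-in release key, a fake
# image, a clear-signed CHECKSUM file and an armored export of the public key
# (the form fedora.gpg was published in before this commit). It sets the
# globals LAB, KEYRING and CHECKSUM_FILE used by the other functions.
setup_lab() {
  LAB=$(mktemp -d)
  export GNUPGHOME="$LAB/gnupg"
  mkdir -m 700 "$GNUPGHOME"
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$LAB"' EXIT

  # Throwaway signing key standing in for a release key such as fedora-34-primary.
  gpg_batch --quick-generate-key 'Demo Release Key <release@example.invalid>' default default
  fpr=$(gpg --batch --with-colons --with-fingerprint --list-keys \
        | awk -F: '$1 == "fpr" { print $10; exit }')

  # Constructed "image" and its checksum line, then clear-signed like *-CHECKSUM.
  printf 'not really an ISO image\n' > "$LAB/Demo-Workstation.iso"
  ( cd "$LAB" && sha256sum Demo-Workstation.iso > CHECKSUM.plain )
  CHECKSUM_FILE="$LAB/Demo-Workstation-CHECKSUM"
  gpg_batch --yes --local-user "$fpr" --clearsign \
            --output "$CHECKSUM_FILE" "$LAB/CHECKSUM.plain"

  # Publish the public key ASCII-armored, then dearmor it: gpgv's --keyring
  # expects an un-armored keyblock, exactly the change made to fedora.gpg.
  gpg --batch --armor --export "$fpr" > "$LAB/release-key.asc"
  KEYRING="$LAB/release-key.gpg"
  gpg --batch --dearmor < "$LAB/release-key.asc" > "$KEYRING"
}

# verify_checksum_file KEYRING FILE: exit 0 only if gpgv finds a good
# signature made by a key in KEYRING. No trust database is consulted and no
# "not certified" warning appears: choosing the keyring is the trust decision.
verify_checksum_file() {
  gpgv --keyring "$1" "$2"
}

# signature_rejects_tampering KEYRING FILE: alter the signed text and confirm
# gpgv now exits non-zero, which is the reason to check the signature before
# trusting any of the checksums.
signature_rejects_tampering() {
  sed 's/Demo-Workstation.iso/Demo-Server.iso/' "$2" > "$LAB/tampered-CHECKSUM"
  ! gpgv --keyring "$1" "$LAB/tampered-CHECKSUM" 2>/dev/null
}

# check_image FILE: once the signature is good, compare the downloaded image
# against the signed checksums. --ignore-missing skips entries for images that
# were not downloaded; the armor and signature lines only produce
# "improperly formatted" warnings from sha256sum.
check_image() {
  ( cd "$(dirname "$1")" && sha256sum --ignore-missing -c "$(basename "$1")" )
}

main() {
  setup_lab
  echo "== gpgv: good signature expected"
  verify_checksum_file "$KEYRING" "$CHECKSUM_FILE"
  echo "== gpgv: tampered file must be rejected"
  signature_rejects_tampering "$KEYRING" "$CHECKSUM_FILE" \
    && echo "tampered CHECKSUM rejected as expected"
  echo "== sha256sum against the signed checksums"
  check_image "$CHECKSUM_FILE"
}

main
```

Against a real download the same two calls apply with the published keyring and the downloaded file: `gpgv --keyring ./fedora.gpg *-CHECKSUM` followed by `sha256sum --ignore-missing -c *-CHECKSUM`. The order matters: sha256sum proves the image matches the CHECKSUM file, but only gpgv proves the CHECKSUM file came from the release key.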