Sign YUM repository metadata

[joschi]

Currently, the YUM repository metadata (repomd.xml) isn't signed with Graylog's GnuPG package key.

This leads to errors with systems using YUM with repo_gpgcheck=1.

Refs #79
Refs Graylog2/graylog2-server#4596
Refs https://access.redhat.com/solutions/2850911

[bernd]

https://blog.packagecloud.io/how-to-gpg-sign-and-verify-rpm-packages-and-yum-repositories/