add new key link verification method
@CiaranG has released a file where he used the JAR signing process used on the index to sign a copy of the admin@f-droid.org PGP key which is used to make PGP signatures on all builds on f-droid.org.
This also does some maintenance on Security Model.
Edited by Hans-Christoph Steiner