enforce/recommend using AllowedAPKSigningKeys: when using RB w/ Binaries: ?

Thanks to RB, the build should still be safe, even if upstream APKs are suddenly signed with a different key than expected, but e.g. updates will fail if the key is different.

It does seem like something we'd usually want to verify IMO.

NB: not sure if AllowedAPKSigningKeys is (and can be) currently used at all on our production build server.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information