
GPG signature for RPM packages on GitLab runner repo

Description

GitLab runner RPM does not have a GPG signature.

Procedure used to verify:

  1. Follow the instructions from the official documentation (install via repo)...
  2. Run curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.rpm.sh | sudo bash
  3. Download the RPM package from the repo to the current directory: yumdownloader gitlab-runner
  4. Query the RPM metadata using rpm -qpi gitlab-runner-10.6.0-1.x86_64.rpm

Metadata is as follows:

Name : gitlab-runner
Version : 10.6.0
Release : 1
Architecture: x86_64
Install Date: (not installed)
Group : default
Size : 49392876
License : MIT
Signature : (none)
Source RPM : gitlab-runner-10.6.0-1.src.rpm
Build Date : Thu 22 Mar 2018 04:39:41 AM EDT
Build Host : runner-72989761-project-250833-concurrent-0
Relocations : /
Packager : GitLab Inc. support@gitlab.com
Vendor : GitLab Inc.
URL : https://gitlab.com/gitlab-org/gitlab-runner
Summary : GitLab Runner
Description :
GitLab Runner
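The check used above is the `Signature` line of `rpm -qpi`; a defender auditing a runner host would want that check, plus a check that the repo file written by the install script actually enforces GPG verification, in a form that can be run across many hosts. The following POSIX shell script is an added example, not code from the original issue or from GitLab; the metadata and repo file contents it uses are constructed (the unsigned metadata mirrors the output quoted above, the `example.invalid` baseurl and the key ID are placeholders), and the `repo_gpgcheck` setting is the standard yum/dnf option for verifying repodata, not something the issue itself mentions.

```shell
#!/bin/sh
# Added example (not from the original issue or GitLab): audit the signature
# state of a downloaded RPM and the GPG settings of a yum/dnf .repo file.
# All sample data below is constructed; nothing is fetched from packages.gitlab.com.

# Reads `rpm -qpi <package>` output on stdin. Prints "signed" or "unsigned";
# returns 0 only when the Signature header carries an actual signature.
rpm_signature_status() {
    sig=$(sed -n 's/^Signature *: *//p' | head -n 1)
    case "$sig" in
        ""|"(none)")
            echo unsigned
            return 1 ;;
        *)
            echo signed
            return 0 ;;
    esac
}

# Checks a yum/dnf .repo file. Returns 0 only if every [section] sets both
# gpgcheck=1 (verify package signatures) and repo_gpgcheck=1 (verify repodata).
# Prints the name of each section that falls short.
repo_gpg_enforced() {
    awk '
        function check() {
            if (!g || !r) { print name " lacks gpgcheck=1 and/or repo_gpgcheck=1"; bad = 1 }
        }
        /^\[/                     { if (name != "") check(); name = $0; g = 0; r = 0; next }
        /^gpgcheck *= *1 *$/      { g = 1 }
        /^repo_gpgcheck *= *1 *$/ { r = 1 }
        END                       { if (name != "") check(); exit bad }
    ' "$1"
}

# --- demo on constructed data -------------------------------------------------
# Metadata as reported in the issue: the Signature field reads "(none)".
UNSIGNED_META='Name : gitlab-runner
Version : 10.6.0
Signature : (none)
Packager : GitLab Inc. support@gitlab.com'

printf '%s\n' "$UNSIGNED_META" | rpm_signature_status || true   # prints: unsigned

# A repo file with package verification switched off (constructed example;
# the baseurl is a placeholder, not the real repository location).
WEAK_REPO=$(mktemp)
cat > "$WEAK_REPO" <<'EOF'
[runner_gitlab-runner]
name=runner_gitlab-runner
baseurl=https://example.invalid/runner/gitlab-runner/el/7/x86_64
gpgcheck=0
repo_gpgcheck=1
EOF
repo_gpg_enforced "$WEAK_REPO" || echo "repo file does not enforce GPG verification"
rm -f "$WEAK_REPO"
```

On a real host, pipe `rpm -qpi gitlab-runner-*.rpm` into `rpm_signature_status` and pass the `.repo` file the install script wrote under `/etc/yum.repos.d/` to `repo_gpg_enforced`; a non-zero exit from either is the condition this issue describes. Note that `gpgcheck=1` only helps once the package itself is signed, which is why the two proposal items go together.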

Official documentation on this appears to conflict. The manual installation package list states:

NOTE: If you installed runner/gitlab-runner with our Bash script, Chef cookbook, or Puppet module the GPG key is automatically installed. There is nothing additional you need to do.

Proposal

  1. Sign the GitLab runner RPM using GPG.
  2. Enable GPG signature verification in the official install script that adds the GitLab runner repo.
Edited by Dylan Klomparens