Add GnuPG to Omnibus for improved GPG key support

Related to https://gitlab.com/gitlab-org/gitlab-ce/issues/36845

We need to package GnuPG and possibly GPGME as part of omnibus to support Ed25519 keys.

cc @marin @DouweM this came from https://gitlab.com/gitlab-org/gitlab-ce/issues/36845#note_39249673


Update after research:

As an overview, this is the relationship between packages. I will try to figure out more about how they actually interact, but from a glance they are basically build dependencies with acceptable licenses. Black lines show the build-depends relation (gnupg is not a build dependency of gpgme, but rather a runtime one).


Licenses

  1. libgpg-error: GPL 2 and LGPL 2.1+. Debian lists LGPL 2.1 as the license. From the README:

    Libgpg-error is free software; you can redistribute it and/or modify
    it under the terms of the GNU Lesser General Public License as
    published by the Free Software Foundation; either version 2.1 of the
    License, or (at your option) any later version.  See the file
    COPYING.LIB for copyright and warranty information.  See the file
    AUTHORS for a list of authors and important mail addresses.
    
    However, some files (for example src/mkerrnos.awk) used in the build
    process of the library and the manual are covered by a different
    license.  Please see the header of these files and the file COPYING
    for copyright and warranty information on these files.  A special
    exception in the copyright license of these files makes sure that the
    output in the build process, which is used in libgpg-error, is not
    affected by the GPL.

    TLDR: output is not affected by the GPL

  2. libassuan: LGPL 2.1+ and GPL 3+. From the README: See COPYING.LIB on how to share, modify and distribute the software itself (LGPLv2.1+)

  3. npth: LGPL 2.1+

  4. libksba: LGPL3+ or GPL2+. From AUTHORS

     | KSBA is free software; you can redistribute it and/or modify
     | it under the terms of either
     |
     |   - the GNU Lesser General Public License as published by the Free
     |     Software Foundation; either version 3 of the License, or (at
     |     your option) any later version.
     |
     | or
     |
     |   - the GNU General Public License as published by the Free
     |     Software Foundation; either version 2 of the License, or (at
     |     your option) any later version.
     |
     | or both in parallel, as here.

    TLDR: we can distribute it under LGPL3+

  5. libgcrypt: LGPL 2.1+ and GPL 2+. From AUTHORS: License (library): LGPLv2.1+, License (manual and tools): GPLv2+

  6. gnupg: Bunch of licenses - GPL 3, GPL 2, CC 0, LGPL 2.1, LGPL 3, Other. It is basically GPL3+, from doc/HACKING

    ** License policy
    
    GnuPG is licensed under the GPLv3+ with some files under a mixed
    LGPLv3+/GPLv2+ license.  It is thus important, that all contributed
    code allows for an update of the license; for example we can't
    accept code under the GPLv2(only).

From my understanding, gpgme uses the gpg executable that is available from gnupg for its operation. In other words, gpgme is basically a wrapper library around the gpg executable so that other software can easily access gpg functionality. Hence, I guess use of gpg (thus, gnupg) comes under mere aggregation.

Edited Dec 13, 2017 by Balasankar 'Balu' C