Make it easier to find GPG public keys and package signatures for Inkscape
#### Summary:
<!-- Summarize the issue/suggestion concisely: -->
Package signature wasn't easily noticeable and wasn't easy to know that I should use the "Uploader" public key to verify the signature.
#### Steps to reproduce:
<!-- Describe what you did (step-by-step) so we can reproduce: -->
Search website for Hash, signature, GPG, sha256, sha512 and public key. You wouldn't get any result and couldn't find any of theses terms mention in the menu. When you go to the download page you might notice a `(sig)` link next to the uploader name but key isn't shown.
#### What should have happened?
There should be a clear mention of a way to verify the authenticity of the package. I suggested having it under heading with title *Verify package* in the download page and keys linked in from the main website.
Please add public key to the following:
```
Uploaded by Marc Jeanmougin (sig)
```
so it becomes something like:
```
Uploaded by Marc Jeanmougin (public key) (sig)
```
Also maybe provide a little guide for verification mentioning that the uploader key should be used not Inkscape key. preferably include sha256/sha512 of binaries.
Sorry for my ranting but I usually expected to find the hashes in git repository or at least shown clearly in the download page. This is my first time verifying. I'm wasting time writing so others doesn't go through the same journey.
issue