GPG signing doc issue

README mentions:

SEMREL_GPG_SIGNKEY "Path to the GPG signkey exported with gpg --armor --export-secret-key ⚠️ Declare as a masked project variable of File type."

Either it's a "path", an "env_var" variable that could be masked, but a path is probably not a secret. Either it's a "file", a "file" variable with value containing the ASCII-armored exported key, but it can't be masked because it contains spaces and carriage returns.

Expected: probably clarify the documentation to mention a "file" variable, that can't be masked but the content won't be displayed anyway.

Nb: at the moment, only commits can be signed, not the tags (would require to add "git config --global tag.gpgsign true" setting too). Anyway https://docs.gitlab.com/ee/user/project/repository/signed_commits/gpg.html mentions that "GPG verified tags are not supported".