[v15.0/forgejo] chore: PGP sign .well-known/security.txt [skip ci] (#12503)

Manual backport of #12502.

Sign the distributed version of `.well-known/security.txt`, just like https://forgejo.org/.well-known/security.txt is signed.

```
$ gpg --verify ./security.txt
gpg: Signature made Sat 09 May 2026 05:59:29 PM MDT
gpg:                using EDDSA key 1B638BDF10969D627926B8D9F585D0F99E1FB56F
gpg: Good signature from "Forgejo Security <security@forgejo.org>" [unknown]
Primary key fingerprint: 1B63 8BDF 1096 9D62 7926  B8D9 F585 D0F9 9E1F B56F
```

In the future this signature will have to be updated before the key expires; but as the expiry is already documented in the file this isn't significantly different than the current state.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12503
Reviewed-by: Gusted <gusted@noreply.codeberg.org>

public/.well-known/security.txt

@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
 # This site is running a Forgejo instance.
 # Forgejo-related security problems should be reported to the Forgejo security team.
 # Security problems related to this instance should be reported to its administration.
@@ -6,3 +9,11 @@ Contact: mailto:security@forgejo.org
 Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/1B638BDF10969D627926B8D9F585D0F99E1FB56F
 Preferred-Languages: en
 Expires: 2027-06-09T23:59:59.000Z
+
+-----BEGIN PGP SIGNATURE-----
+
+iHUEARYKAB0WIQQbY4vfEJadYnkmuNn1hdD5nh+1bwUCaf/KYQAKCRD1hdD5nh+1
+b37sAPsF31EEYpvm21M88Kxjv/YOOJlP2xV94Q94JoYzh5iFqgD/X/1HHOBJHDvc
+YR0b3rrGDFxhSl32BOnHF0yuZO8Nugw=
+=sEiA
+-----END PGP SIGNATURE-----