aws/eks-charts

Please enable GPG signing of charts for verification purposes

oWretch opened this issue · 0 comments

Helm supports signing charts to allow verification of the origin and validity of a chart package. This is done through the use of provenance files.

Could signing be added to the chart release process so we can consume the signature to verify the release? We have a requirement to cache the charts locally for use, and our security team would like us to be able to verify all releases before deployment.

Helm documentation: https://helm.sh/docs/topics/provenance/
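
For the local-cache use case the issue describes, an added example (not part of the original issue or of the aws/eks-charts project): a Helm `.prov` file lists the SHA-256 of the chart archive in its `files:` section, so a mirror can compare that against the cached `.tgz`. This covers only the digest comparison; the PGP signature over the `.prov` body still has to be checked against a trusted keyring, for example with `helm verify --keyring`. The chart name, bytes and provenance text below are constructed.

```python
import hashlib
import hmac


def prov_digests(prov_text):
    """Return {filename: sha256 hex} from the 'files:' section of a .prov body."""
    digests, seen_sep, in_files = {}, False, False
    for line in prov_text.splitlines():
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break  # the signed body ends here
        if line.strip() == "...":
            seen_sep = True  # YAML document end: Chart.yaml metadata is above
        elif seen_sep and line.rstrip() == "files:":
            in_files = True
        elif in_files and line.startswith(" ") and ": sha256:" in line:
            name, digest = line.strip().split(": sha256:", 1)
            digests[name] = digest.strip().lower()
        elif in_files and line.strip():
            break  # left the indented files map
    return digests


def chart_matches_prov(filename, chart_bytes, prov_text):
    """True only if the archive's SHA-256 equals the digest recorded for it."""
    expected = prov_digests(prov_text).get(filename)
    if expected is None:
        return False  # fail closed: no digest recorded for this archive
    actual = hashlib.sha256(chart_bytes).hexdigest()
    return hmac.compare_digest(actual, expected)


# Constructed sample: stand-in archive bytes and a .prov with a placeholder signature.
CHART_NAME = "mychart-0.1.0.tgz"
CHART = b"constructed bytes standing in for a packaged chart"
PROV = (
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n"
    "name: mychart\nversion: 0.1.0\n\n...\nfiles:\n"
    f"  {CHART_NAME}: sha256:{hashlib.sha256(CHART).hexdigest()}\n"
    "-----BEGIN PGP SIGNATURE-----\n\n"
    "(constructed placeholder, not a real signature)\n"
    "-----END PGP SIGNATURE-----\n"
)

if __name__ == "__main__":
    print("cached copy matches:", chart_matches_prov(CHART_NAME, CHART, PROV))
    print("tampered copy matches:", chart_matches_prov(CHART_NAME, CHART + b"x", PROV))
```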