Update how passphrase is passed to GPG

[cowwoc]

Description:
Per https://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#passphraseenvname the mechanism currently used by this task is deprecated. This is reenforced by the fact that https://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#passphrase will fail if <bestPractices> is true.

The recommended way to pass the passphrase is now https://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#passphraseEnvName

Task version:
v4

Expected behavior:

• Stop writing gpg.passphrase to server.xml.
• Set gpg.passphraseEnvName if the user specifies a value other than MAVEN_GPG_PASSPHRASE

[priya-kinthali]

Hello @cowwoc👋,
Thank you for reporting this issue. We will investigate it and get back to you as soon as we have some feedback.

[priyagupta108]

Hi @cowwoc 👋,
Thank you for your valuable insights! We’ll explore the possibility of implementing these changes to enhance the action and consider your suggestion for future improvements. In the meantime, please feel free to share any additional details or suggestions you may have!