Investigating https://bugzilla.redhat.com/show_bug.cgi?id=2141686 revealed that much of the rpm ecosystem is still relying on the obsolete OpenPGP v3 signature format, probably because rpm in the old days didn't support anything else. Even the old RFC 2440 listed v3 signatures as something to only use for interoperability, and with rpm that interoperability reason has long since gone away.
I see obs-sign has already supported v4 signatures for several years now, but I think it's time to make that the default.
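To audit which format a given signature uses, the version octet can be read straight from the binary OpenPGP signature packet. The following is an added example, not code from obs-sign or rpm; it assumes the raw signature packet bytes have already been extracted, and the two sample packets are constructed with dummy values.

```python
SIGNATURE_TAG = 2  # OpenPGP packet tag for a signature packet
def read_packet(data):  # returns (tag, body) of the first packet in data
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            length, off = o1, 2
        elif o1 < 224:
            length, off = ((o1 - 192) << 8) + data[2] + 192, 3
        elif o1 == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body length not handled")
    else:                                 # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        size = 1 << ltype                 # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def signature_info(data):
    """Report format version and algorithm IDs of a binary signature packet."""
    try:
        tag, body = read_packet(data)
        if tag != SIGNATURE_TAG:
            raise ValueError("not a signature packet")
        version = body[0]
        if version == 3:
            # v3 body: version, 5, sigtype, time(4), keyid(8), pubkey, hash
            if body[1] != 5:
                raise ValueError("malformed v3 signature")
            pubkey, digest = body[15], body[16]
        elif version == 4:
            # v4 body: version, sigtype, pubkey, hash, subpackets...
            pubkey, digest = body[2], body[3]
        else:
            raise ValueError(f"unhandled signature version {version}")
    except IndexError:
        raise ValueError("truncated packet") from None
    return {"version": version, "pubkey_algo": pubkey, "hash_algo": digest, "obsolete_format": version < 4}
# Constructed sample packets (dummy key ID, timestamp and signature value).
V3_SAMPLE = bytes.fromhex("8816030500" "5f000000" "0102030405060708" "0102abcd0008ff")
V4_SAMPLE = bytes.fromhex("c20d04000108" "00000000" "abcd0008ff")
```

The algorithm numbers returned are the OpenPGP registry IDs (for example public-key 1 is RSA, hash 2 is SHA-1 and hash 8 is SHA-256).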