Commit
# Description

Both [AUR releases for signed packages](https://github.com/exoscale/cli/actions/runs/6349777603/job/17248953628) failed during the pgp verification:

```shell
==> Verifying source file signatures with gpg...
exoscale-cli_1.74.0.tar.gz ... FAILED (unknown public key 03686F8CDE378D41)
==> ERROR: One or more PGP signatures could not be verified!
```

I wasn't able to reproduce the issue locally with low effort. I'm able to run makepkg in an archlinux container with no issue. I verified that the public key is not present before I run `makepkg` and that it is present afterwards. This means makepkg must contact keyservers in the background to receive the keys.

This can fail for a number of reasons, like keyservers not being available, networking or bugs in the gpg version provided by the GH action runner. Even if we fix it, it might bite us again if the default keyserver is down, which does happen unfortunately.

I concluded that fixing this check is not worth it, since the check happens anyway when the user installs the package unless they explicitly disable it. We are verifying a signature that we created in a previous step of the same workflow and have no strong reason to distrust it.

---------

Co-authored-by: Philipp Sauter <[email protected]>