This repository has been archived by the owner on Apr 22, 2020. It is now read-only.

Import the secret key into gpg before signing artifacts #1253

Merged
merged 1 commit into from
Feb 20, 2020


@cb372 cb372 commented Feb 20, 2020

Add a step to Travis's before_install to import the secret key file into gpg after decrypting it.

Also remove unnecessary pgpPublicRing and pgpSecretRing settings. They are only used by sbt-pgp's bouncycastle signer implementation, which we don't use anymore.

Remove the pubring.gpg file, as we don't use it anymore.

Remove the recently added usePgpKeyHex(...). It turned out not to be necessary. We only import one key into gpg, so there is no need to specify the key.

@BenFradet @juanpedromoreno I'm confident it will work this time! You can see my sad trail of experiments on the signing branch if you're interested.

The moral of the story is, don't trust filenames! The pubring.gpg and secring.gpg files are not actually gpg keyrings, despite what their filenames suggest. They are an ascii-armored public key and secret key respectively. That set me back a few hours.

Migration guide for projects that use sbt-org-policies

  1. Upgrade to sbt-org-policies ~~0.12.6~~ 0.13.0 (to be released after this PR is merged)
  2. You can delete the pubring.gpg file from your repo, as it is no longer needed
  3. I recommend renaming the secring.gpg file to something more representative. I called it secret_key.asc
  4. Update .travis.yml to import the secret key into gpg during the before_install phase. See here for an example. Don't forget the semicolon at the end of the line.
  5. If you are setting pgpPublicRing and/or pgpSecretRing in your build.sbt, you can delete those settings.

Add a step to Travis's `before_install` to import the secret key file
into gpg after decrypting it.

Also remove unnecessary `pgpPublicRing` and `pgpSecretRing` settings.
They are only used by sbt-pgp's bouncycastle signer implementation,
which we don't use anymore.

Remove the `pubring.gpg` file, as we don't use it anymore.

Remove the recently added `usePgpKeyHex(...)`. It turned out not to be
necessary. We only import one key into gpg, so there is no need to
specify the key.
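
The filename pitfall described above, as an added example that is not part of this PR or of sbt-org-policies: a shell check that identifies a key file by its content before importing it into gpg. The function names are hypothetical, and refusing non-armored input is an assumption that fits this setup, where the decrypted secret key is an ASCII-armored file.

```shell
# Added example: function names are hypothetical, not from the project.

# Classify a key file by its content rather than its name.
# Prints one of: armored-secret | armored-public | not-armored
classify_key_file() {
  # An ASCII-armored OpenPGP file starts with a BEGIN header line.
  # Strip CR (CRLF checkouts) and NUL bytes (binary input) before comparing.
  first_line=$(head -n 1 -- "$1" 2>/dev/null | tr -d '\r\000')
  case "$first_line" in
    '-----BEGIN PGP PRIVATE KEY BLOCK-----') echo armored-secret ;;
    '-----BEGIN PGP PUBLIC KEY BLOCK-----')  echo armored-public ;;
    *)                                        echo not-armored ;;
  esac
}

# Import the decrypted secret key only if it really is an armored secret key,
# then confirm gpg holds exactly one secret key, which is what lets the build
# sign without naming a key.
import_signing_key() {
  kind=$(classify_key_file "$1")
  if [ "$kind" != armored-secret ]; then
    echo "refusing to import $1: content is $kind" >&2
    return 1
  fi
  gpg --batch --import "$1" || return 1
  count=$(gpg --batch --list-secret-keys --with-colons | grep -c '^sec:' || true)
  if [ "$count" -ne 1 ]; then
    echo "expected exactly 1 secret key in gpg, found $count" >&2
    return 1
  fi
}

# Usage in CI after decrypting the key file (file name as suggested above):
#   import_signing_key secret_key.asc
```
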

@BenFradet BenFradet left a comment


interesting stuff 👍


@juanpedromoreno juanpedromoreno left a comment


Maybe it's worthwhile to do 0.13.0? Great job @cb372!

@calvellido

Thanks @cb372!
