add securedrop-workstation-dom0-config 0.6.3 signed package

[sssoleileraaa]

Description

Package being released: securedrop-workstation-dom0-config 0.6.3
Package tag: https://github.com/freedomofpress/securedrop-workstation/releases/tag/0.6.3
Build logs: https://github.com/freedomofpress/build-logs/blob/main/workstation/securedrop-workstation-dom0-config-0.6.3
Test signing key used to sign package and tag: https://github.com/freedomofpress/securedrop-workstation-dev-rpm-packages-lfs/blob/HEAD/pubkeys/test.key

Release tracking issue: freedomofpress/securedrop-yum-prod#33

Checklist for PR owner

• Links in this PR template have been updated as required
• https://github.com/freedomofpress/securedrop-workstation-dev-rpm-packages-lfs/blob/HEAD/pubkeys/test.key points to the correct test signing key

Checklist for reviewer

• CI is passing
• The commits being released are what you expect (see freedomofpress/securedrop-workstation@0.6.2...0.6.3)
• The RPM is signed with the test signing key

  • Download the signed RPM from this PR
  • Run rpm -qi <signed-rpm> to get the KEY ID
  • Run gpg -k <KEY ID> to verify that it matches the test signing key (make sure you have the test signing key referenced in the PR description in your GPG keyring)

• The Unsigned RPM checksum matches what's in the build logs

  • Download the signed RPM from this PR (if you haven't already)
  • Run rpm --delsign <signed-rpm> to remove the signature (do this on same OS used to build the package, in this case it's Debian)
  • Run sha256sum <unsigned-rpm> and compare

[eaon]

Looks good!

And a weird one again, the OS version matters too - rpm --delsign on buster gave the right hash, on bullseye it does not (it gives the same hash as Fedora 35 🤷)