The current verification process is:
- Download the plugin release + signature
- Create a pubkey.pem file with the following contents:
  ```
  -----BEGIN PUBLIC KEY-----
  [pubkey from plugin_packages.json]
  -----END PUBLIC KEY-----
  ```
- Run the following command:
  ```
  openssl pkeyutl -verify -pubin -inkey ./pubkey.pem -sigfile ./plugin_package.zip.sig -in ./plugin_package.zip -rawin
  ```
Ideally this is done automatically.
Some ideas:
A /verify [workflow_id] comment