Set the GPG key expiration to 2023-05-01 #1115

Merged
merged 1 commit into from May 2, 2021

wata727 (Member) commented May 1, 2021

Fixes #1114

I took this opportunity to consider switching the release signing key from my personal key to an organization key, but there were some challenges and I decided to simply extend the expiration of the current key.

I was planning to use the import-gpg action when considering automating the signing of the release process. However, there is an issue with this action that the signing subkey is not available. See crazy-max/ghaction-import-gpg#58. I follow the recommended practice to generate a signing subkey and use it.

Importing the primary key into CI is probably not good in terms of security. However, release automation is important to allow new maintainers to release freely.

I will look for a better way to balance security and convenience a little more. If you have any suggestions, please let me know. Thank you.

wata727 merged commit 02ca53b into master May 2, 2021
wata727 deleted the set_expire_gpg_key branch May 2, 2021 06:33

bashims commented May 27, 2021

@wata727 it may be a good idea to update the public PGP key servers with your updated public key. The one I received from https://hkps.pool.sks-keyservers.net:443 was expired.

/tmp/tflint 15:51:56
➜   $ gpg --receive-keys 8CE69160EB3F2FE9
gpg: key 131A2054C7B3FB65: public key "Kazuma Watanabe <watassbass@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

/tmp/tflint 15:51:58
➜   $ gpg --verify checksums.txt.sig
gpg: assuming signed data in 'checksums.txt'
gpg: Signature made Wed 05 May 2021 03:54:18 AM EDT
gpg:                using RSA key 1780244FBAEB62C74476BE498CE69160EB3F2FE9
gpg: Good signature from "Kazuma Watanabe <watassbass@gmail.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 2DA7 A4B1 1347 B217 3852  31D1 131A 2054 C7B3 FB65
     Subkey fingerprint: 1780 244F BAEB 62C7 4476  BE49 8CE6 9160 EB3F 2FE9

/tmp/tflint 15:52:02

wata727 (Member, Author) commented May 29, 2021

Sent to key servers.
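
The verification output earlier in this thread shows a cryptographically good signature made by a key that the local keyring still considers expired. As an added example (not part of the original thread or the project's own tooling), this shell function classifies the machine-readable lines from `gpg --status-fd` so a release-verification script can tell that case apart from a bad signature and can check the primary fingerprint quoted above. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample status lines are constructed.
# Primary key fingerprint as printed in the thread above, spaces removed.
PINNED_PRIMARY="2DA7A4B11347B217385231D1131A2054C7B3FB65"

# Reads `gpg --status-fd` lines on stdin, prints one verdict word,
# and returns 0 only when the verdict is "ok".
classify_gpg_status() {
    verdict="no-signature"
    primary=""
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*)    verdict="bad-signature" ;;
            "[GNUPG:] ERRSIG "*)    verdict="cannot-check" ;;
            "[GNUPG:] REVKEYSIG "*) verdict="revoked-key" ;;
            "[GNUPG:] EXPKEYSIG "*) verdict="expired-key" ;;
            "[GNUPG:] EXPSIG "*)    verdict="expired-signature" ;;
            "[GNUPG:] GOODSIG "*)
                # A good signature never overrides an earlier failure.
                if [ "$verdict" = "no-signature" ]; then verdict="ok"; fi ;;
            "[GNUPG:] VALIDSIG "*)
                # The last VALIDSIG field is the primary key fingerprint.
                primary=${line##* } ;;
        esac
    done
    if [ "$verdict" = "ok" ] && [ "$primary" != "$PINNED_PRIMARY" ]; then
        verdict="wrong-key"
    fi
    printf '%s\n' "$verdict"
    [ "$verdict" = "ok" ]
}

# Constructed sample: the state shown in the thread (stale, expired key copy).
sample_expired() {
    printf '%s\n' \
      '[GNUPG:] EXPKEYSIG 8CE69160EB3F2FE9 Kazuma Watanabe <watassbass@gmail.com>' \
      '[GNUPG:] VALIDSIG 1780244FBAEB62C74476BE498CE69160EB3F2FE9 2021-05-05 1620201258 0 4 0 1 8 00 2DA7A4B11347B217385231D1131A2054C7B3FB65'
}

# Constructed sample: the same signature once the refreshed key is imported.
sample_refreshed() {
    sample_expired | sed 's/EXPKEYSIG/GOODSIG/'
}

# Real use (assumes gpg and both files are present):
#   gpg --status-fd 1 --verify checksums.txt.sig checksums.txt 2>/dev/null \
#     | classify_gpg_status
```

An `expired-key` verdict means the local copy of the public key should be refreshed before the release is rejected; `bad-signature` and `wrong-key` are not fixed by a refresh.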

Successfully merging this pull request may close these issues.

GPG key expires this month