Sign with ephemeral PGP key in CI

When building the images in CI we need to create an ephemeral PGP key to use for signing the squashfs/erofs image. Currently this is one of the main blockers of using the CI created images in deployment.

Using an ephemeral key is possible, because the check ensures, that during netboot the initramfs uses squashfs/erofs image, that is signed with a public key that is present in the initramfs.