fix(ci): set ultimate trust on imported signing key

GPG refuses to sign with a key that has unknown trust. Set the
imported key to ultimate trust after import.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/build-release.yml

@@ -137,6 +137,8 @@ jobs:
       - name: Import signing key
         run: |
           echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
+          fpr=$(gpg --batch --with-colons --list-keys "${{ secrets.RPM_SIGNING_KEY_ID }}" | awk -F: '/^fpr:/ { print $10; exit }')
+          echo "${fpr}:6:" | gpg --batch --import-ownertrust
           sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros
           echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
           gpgconf --kill gpg-agent