fix(ci): use rpm 6 openpgp signing with sequoia-sq

RPM 6 on Fedora 43 uses sequoia (sq) for signing instead of gpg.
Replace %_gpg_name with %_openpgp_sign_id and drop the gpg-agent
loopback config. Add a pre-flight check for sequoia-sq.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/build-release.yml

@@ -134,14 +134,19 @@ jobs:
           find rpms/ -name '*.rpm' -exec mv --target-directory=rpms/ {} +
           find rpms/ -mindepth 1 -type d -empty -delete
 
+      - name: Check for sequoia-sq
+        run: |
+          if ! command -v sq &> /dev/null; then
+            echo "ERROR: sequoia-sq is not installed. Install with: sudo dnf install sequoia-sq"
+            exit 1
+          fi
+
       - name: Import signing key
         run: |
           echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
           fpr=$(gpg --batch --with-colons --list-keys "${{ secrets.RPM_SIGNING_KEY_ID }}" | awk -F: '/^fpr:/ { print $10; exit }')
           echo "${fpr}:6:" | gpg --batch --import-ownertrust
           sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros
-          echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
-          gpgconf --kill gpg-agent
 
       - name: Sign and publish
         run: ./script/publish-repo.sh rpms/

rpm/rpmmacros

@@ -1 +1 @@
-%_gpg_name @GPG_NAME@
+%_openpgp_sign_id @GPG_NAME@