
Add log statements to package signing task#4459

Merged
dralley merged 1 commit into pulp:main from daviddavis:package-signing-logs
May 6, 2026

Conversation

@daviddavis
Contributor

Adds informational and debug log messages around package signing, mirroring the troubleshooting coverage already present in pulp_deb. The new logs cover:

  • the active signing fingerprint passed to the signing service (_sign_file),
  • a debug entry on fingerprint mismatch in _verify_package_fingerprint,
  • the previously-silent return paths in _sign_package (package already signed with the target fingerprint, and reusing a previously-signed package via RpmPackageSigningResult),
  • the per-repository entry point for signed_add_and_remove, naming the repository and the signing service in use.

Assisted-by: Claude (GitHub Copilot)

Adds informational and debug log messages around package signing,
mirroring the troubleshooting coverage already present in pulp_deb.
The new logs cover the active signing fingerprint, the cases where a
package is already signed or a previously-signed result is reused, and
the per-repository entry point for signed_add_and_remove.

Assisted-by: Claude (GitHub Copilot)
        original_package_sha256=content_artifact.artifact.sha256,
        package_signing_fingerprint=signing_fingerprint,
    ).first():
        log.info(f"Reusing previously signed package for {package.filename}.")
Contributor


In retrospect this particular check concerns me, because if the signing service selects a mainkey that is not a signing key, then GPG is free to select a signing subkey, which means that a package signed by an old subkey would not be resigned by a new subkey because the package_signing_fingerprint matches.

So we might want to figure out how to track the actual signing fingerprint and not just the mainkey fingerprint.

Contributor


That is, however, a separate concern from this PR

Contributor Author

@daviddavis daviddavis May 6, 2026


So the issue is that a repo has a fingerprint for A for the package signing service and the package was previously signed with the signing service using subkey A1 and now it is signing with key A2? I don't know how there's a way for Pulp to know that the package signing key for the signing service didn't change (A1 -> A2). I would imagine that the user should set the fingerprints for A1 or A2 on the repo and not the primary key fingerprint (A). Otherwise, we could give users an option to bypass this check (like a setting).
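The A / A1 / A2 scenario above in runnable form, as an added example that is not code from pulp_rpm or from this PR. It parses the colon-format key listing GnuPG prints for an invocation such as `gpg --with-colons --with-subkey-fingerprints --list-keys <FINGERPRINT>` (the invocation is assumed; the record layout follows GnuPG's documented colon format), works out which subkey GnuPG would actually sign with, and contrasts the "recorded fingerprint equals the repository's configured primary fingerprint" check with one keyed on the subkey that produced the signature. The key listing, fingerprints and key IDs are constructed sample data; `parse_listing`, `active_signing_key`, `primary_only_check` and `needs_resigning` are names chosen here, not Pulp APIs.

```python
"""Primary-key vs. signing-subkey fingerprint check (added example, not pulp_rpm code)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample listing shaped like `gpg --with-colons --with-subkey-fingerprints
# --list-keys` output. Key IDs and fingerprints are made up.
# Field 2 (index 1) is validity ('u' ultimate, 'e' expired, 'r' revoked, ...).
# Field 12 (index 11) lists capabilities: s=sign, c=certify, e=encrypt, a=auth.
# On the "pub" record, lower case = what the primary itself can do, upper case =
# what the key as a whole can do through its subkeys ("cESC": primary only certifies).
GPG_LISTING = """\
tru::1:1700000000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::cESC::::::23::0:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1600000000::0123456789ABCDEF0123456789ABCDEF01234567::Example Signing Service <signing@example.invalid>::::::::::0:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1600000000:1700000000:::::s::::::23:
fpr:::::::::2222222222222222222222222222222222222222:
sub:u:4096:1:CCCCCCCCCCCCCCCC:1700000000::::::s::::::23:
fpr:::::::::3333333333333333333333333333333333333333:
"""

# Validity codes under which GnuPG will not sign with a key:
# expired, revoked, disabled, invalid, not valid.
UNUSABLE_VALIDITY = {"e", "r", "d", "i", "n"}


@dataclass
class KeyRecord:
    kind: str              # "pub" (primary) or "sub" (subkey)
    validity: str          # gpg field 2
    keyid: str             # gpg field 5
    created: int           # gpg field 6, seconds since the epoch
    capabilities: str      # gpg field 12
    fingerprint: str = ""  # filled in from the "fpr" record that follows the key record


@dataclass
class KeyListing:
    primary: Optional[KeyRecord] = None
    subkeys: List[KeyRecord] = field(default_factory=list)


def parse_listing(text: str) -> KeyListing:
    """Parse colon-format output into a primary key plus its subkeys.

    An "fpr" record always describes the "pub"/"sub" record immediately before
    it, so fingerprints are attached by remembering the last key record seen.
    """
    listing = KeyListing()
    pending: Optional[KeyRecord] = None
    for line in text.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype in ("pub", "sub") and len(fields) > 11:
            pending = KeyRecord(rtype, fields[1], fields[4], int(fields[5] or 0), fields[11])
            if rtype == "pub":
                listing.primary = pending
            else:
                listing.subkeys.append(pending)
        elif rtype == "fpr" and pending is not None and len(fields) > 9:
            pending.fingerprint = fields[9]
            pending = None
        # uid, tru and other record types carry nothing needed here.
    return listing


def active_signing_key(listing: KeyListing) -> Optional[KeyRecord]:
    """Key GnuPG would sign with when told to use the primary: the newest usable
    subkey with the sign capability, else the primary if it can sign itself
    (a lower-case 's'; an upper-case 'S' only means "some subkey can sign")."""
    candidates = [k for k in listing.subkeys
                  if "s" in k.capabilities and k.validity not in UNUSABLE_VALIDITY]
    if candidates:
        return max(candidates, key=lambda k: k.created)
    p = listing.primary
    if p and "s" in p.capabilities and p.validity not in UNUSABLE_VALIDITY:
        return p
    return None


def active_signing_fingerprint(listing_text: str) -> str:
    key = active_signing_key(parse_listing(listing_text))
    return key.fingerprint if key else ""


def primary_only_check(recorded_fpr: str, configured_fpr: str) -> bool:
    """The shortcut discussed in the thread: "already signed" whenever the recorded
    fingerprint equals the repository's configured one. With the primary fingerprint
    (A) configured, a subkey rotation (A1 -> A2) underneath it is invisible."""
    return recorded_fpr == configured_fpr


def needs_resigning(recorded_signer_fpr: str, listing_text: str) -> bool:
    """Subkey-aware variant: re-sign unless the fingerprint that actually produced
    the existing signature is the subkey GnuPG would use right now."""
    return recorded_signer_fpr != active_signing_fingerprint(listing_text)


PRIMARY_FPR = "1" * 40     # configured on the repository ("A" in the thread)
OLD_SUBKEY_FPR = "2" * 40  # made the existing signature, now expired ("A1")

if __name__ == "__main__":
    print("GPG now signs with:", active_signing_fingerprint(GPG_LISTING))          # 3333...
    print("primary-only says already signed:", primary_only_check(PRIMARY_FPR, PRIMARY_FPR))
    print("subkey-aware says re-sign:", needs_resigning(OLD_SUBKEY_FPR, GPG_LISTING))
```

Configuring the subkey fingerprint (A1 or A2) on the repository, as suggested above, amounts to the same comparison as `needs_resigning`: the value being compared is then the key that actually signs, so an expired or rotated subkey no longer matches and the package is re-signed.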

@dralley dralley merged commit e3c908a into pulp:main May 6, 2026
13 of 14 checks passed