support OpenPGP sigs on APKs
FDroid client should optionally support OpenPGP signatures on APKs. FDroid client it could just be based on a standard path, i.e. /path/to/myapp_12.apk.sig. Otherwise, the repo format could include an optional field that gives the path to the detached signature file. If F-Droid finds a sig file and is connected to an OpenPGP provider (i.e. GPG ,OpenPGP Keychain, etc.) then it would verify the APK using the signature.
This has been discussed in F-Droid here: https://f-droid.org/repository/issues/?do=view_issue&issue=284