add back package signing #9913

Merged
merged 18 commits into from
Apr 1, 2024

@bmw bmw commented Mar 14, 2024

this fixes #9740

the diff isn't actually that large as moving some of the contents of the old deploy-stage.yml file to the new common-deploy-jobs.yml file accounts for almost half of the added and removed lines here. i also tried to convince git that deploy-stage.yml was renamed to nightly-deploy-stage.yml, but the diff is too much for git to believe me. that fact might be helpful when reviewing this though

i went ahead and removed publishing the windows installer from the release script as part of this pr so we can avoid trying to create the github release twice. i believe further windows installer cleanup work is being done as part of #9897

to test this pr, i did a dummy 2.10.0 release off of this branch like

    git checkout -b candidate-2.10.0
    RELEASE_GPG_KEY=<insert fingerprint of unimportant pgp key here> tools/release.sh 2.10.0 2.11.0
    git remote rm temp || :
    git remote add temp releases/le* && git fetch temp
    git checkout v2.10.0
    # made the changes seen at https://github.com/certbot/certbot/commit/e73dfe71d2ed9c4bc284b42de894b66ab4f33c4d
    # undo the changes from https://github.com/certbot/certbot/pull/9913/commits/464e8b6fdf94902c3079d36fe79222539e3de126
    git tag test-v2.10.0
    git push origin test-v2.10.0

doing that resulted in this ci run and this github release (which you can only see if you're logged into github and have the credentials to do so as i made it a draft for testing purposes)

if this pr is merged, i will also

  • update release instructions to remove CSS stuff and use releases/le*/packages/{*.tar.gz,*.whl} as the PyPI upload path
  • better document the github-releases credential used in release-deploy-stage.yml. i can do this either in the wiki or in the yaml file directly. if anyone has a preference, please lmk. wherever this documentation winds up, i plan to create a calendar event to remind of its expiration and link to the documentation about it in that event. this token will expire on 3/13/2015, is a fine grained github token created on the certbotbot github account, and needs contents:write and workflows:write permissions for this repo
  • delete https://github.com/certbot/certbot/releases/tag/untagged-6daca6ec4f9d8300ed71

after this pr, we could also pretty easily automate uploading to pypi from ci as well, but if we do that, i think it should be done in another pr

@bmw bmw requested review from a team and zoracon and removed request for a team March 14, 2024 23:15

@zoracon zoracon left a comment

Thank you for also doing the Windows installer clean up here! I will look into the site reference for it as well this week.

bmw commented Apr 1, 2024

awesome. thanks for the review!

i think there's more installer cleanup work we could do as it's still being built in CI, however, we're no longer publishing it or using the CSS

@bmw bmw merged commit 248455a into master Apr 1, 2024
16 checks passed
@bmw bmw deleted the pkg-signing branch April 1, 2024 17:59

Successfully merging this pull request may close these issues.

Provide a method for cryptographic verification of source code