[Security] Repository is vulnerable to MavenGate

[Nek-12]

https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/

Gradle task

./gradlew --write-verification-metadata pgp,sha256 --export-keys

<component group="com.autonomousapps.dependency-analysis" name="com.autonomousapps.dependency-analysis.gradle.plugin" version="1.28.0">
   <artifact name="com.autonomousapps.dependency-analysis.gradle.plugin-1.28.0.pom">
      <sha256 value="9946abe7d073df5e1153143fab26ca7d4677f44f0152704d0875aaadd9266479" origin="Generated by Gradle" reason="Artifact is not signed"/>
   </artifact>
</component>

did not find a pgp public key in a remote repository or the artifact is not signed.
A fix is to:

1. Start signing all artifacts, if not signed yet
2. Upload a public pgp key used for signing artifacts to multiple public pgp repositories: https://keys.openpgp.org | https://pgp.mit.edu | https://keyserver.ubuntu.com/

[autonomousapps]

All artifacts are signed. I believe the PGP key is only uploaded to a single public repository though. My recollection (this is from years ago) is that it's the keyserver.ubuntu.com repo though, so I'm a little confused.

[Nek-12]

Gradle does not use Ubuntu keyserver by default, so multiple have to be used.