Is your feature request related to a problem? Please describe.
Pulp needs to handle public keys in some places. They are used for verifying uploaded or synced artifacts, and they may be exposed as part of a publication.

Describe the solution you'd like

• Public GPG keys can be added as a pulp content (either with an artifact, or with the ascii-armored data in a text field - up for discussion). In case data will be stored in a text field we'd need to write a separate handler to serve the pub keys.
• There can be a GPG-keyring repository type able to hold those keys.
• Repositories and Remotes that verify artifacts can add a foreign key to these GPG repositories and assume all the keys there are trusted for verification.
• Signing services can relate directly to the key and should prevent orphan cleanup from deleting the corresponding key, i.e orphan-clean up logic should be adjusted to look not only at repository_membership but also whether there are signing services that point to the key.
• It should be possible to import/export key repositories as well as they should be covered by RBAC.
• Keys should be identifiable by their fingerprint and probably stripped off their signatures (maybe store them as a separate content).
• A publication of the keyring repository should produce a keyring file (*.bkx) as a published artifact.

Describe alternatives you've considered
We discussed whether keys should be content or a standalone generic model. But the benefits from handling keys as content is overwhelming.

Additional context
This is not about private keys. Pulp will never set out to handle anything as sensitive as a private key. For signing we introduced the signing service already to handle all cases including the ones where you never get hold of the key itself.