Suggested addition to docs/SIGNATURES.md: downloading the signing key for the paranoid

[lestephane]

I like that you're serious about explaining people how to properly verify releases. And thought I would throw in this additional twist for those who are nervous about downloading a signing key from any one place.

$ wget https://github.com/LN-Zap/signing-keys/releases/download/1.0/zap-release-signing-key.asc
$ torsocks wget https://github.com/LN-Zap/signing-keys/releases/download/1.0/zap-release-signing-key.asc
$ wget https://keybase.io/ln_zap/pgp_keys.asc
$ torsocks wget https://keybase.io/ln_zap/pgp_keys.asc
$ ls -1
pgp_keys.asc
pgp_keys.asc.1
zap-release-signing-key.asc
zap-release-signing-key.asc.1
$ (cmp pgp_keys.asc* && cmp zap-release-signing-key.asc* && cmp *.1) || echo "something's wrong"

[welcome]

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it.
To help make it easier for us to investigate your issue, please follow the contributing guidelines.