Make verify_gpg_settings respect --skip-gpg

[ehrenfeu]

No sure whether it is intended to work that way, but for me the --skip-gpg parameter didn't do the job. Locally, the change in this PR works fine, but I am definitely lacking the global picture of maven + travis + OSS Sonatype / ...

[ctrueden]

@ehrenfeu Sorry, that is just some cruft left over from the old-style release-version.sh script, which performed the actual release and deployed it using your local machine.

The new way is that Travis has the GPG key and does the build+deploy. So you should never need the GPG stuff on your local system.

I'll look into completely removing that logic.

Edit: Actually, it looks like I already updated that logic to check whether Travis will be happy when release time happens.

Why do you need to skip this check, @ehrenfeu? Is there some reason we can't commit an encrypted signing key to your repo?

[ctrueden]

I merged it, in the interest of the script working as described. But I still wonder whether you really need to use this flag, @ehrenfeu. Any repository that uses this script needs the ImageJ Maven repository credentials encrypted at minimum, and ideally the GPG key as well, in case the component ever migrates to OSS Sonatype.