Switch PGP keyserver to hkps://keys.openpgp.org
The SKS keyserver infrastructure has been under attack for some time, and at the moment is unreachable. The keys.openpgp.org keyserver has the rspamd key, and is resistant to the sort of attack that is hurting the SKS keyservers. This change switches to that keyserver.
gpg won't load new keys from keys.openpgp.org unless the owner consented to publish the uids (see https://keys.openpgp.org/about/faq#older-gnupg). This means you need the key imported first with the uid attached. Here, we include the essential part of the key (the master key, uid, and its self-signature) in the Dockerfile. We still poll keys.openpgp.org for updates, such as expiration extensions and revocations.
See https://gist.github.com/rjhansen/
67ab921ffb4084c865b3618d6955275f for background.