docs: clarify binary GPG validation

[noerw]

Let users know that warnings on "untrusted signature" don't mean a failed GPG validation.

This additional hint is targeted at novice users; people who know pgp well enough will understand gpg's output anyway.
If we'd instead aim to remove the warning (by adding a command to set the trustlevel for gitea's key) most people would blindly trust the docs, defeating the purpose of that gpg warning.

ref #14817

[codecov-commenter]

Codecov Report

Merging #14832 (c0b7658) into main (dfa18a8) will increase coverage by 0.01%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main   #14832      +/-   ##
==========================================
+ Coverage   45.42%   45.43%   +0.01%     
==========================================
  Files         709      709              
  Lines       83611    83611              
==========================================
+ Hits        37981    37992      +11     
+ Misses      39538    39533       -5     
+ Partials     6092     6086       -6     

Impacted Files	Coverage Δ
services/mailer/mail_comment.go	77.77% <0.00%> (-7.41%)	⬇️
modules/charset/charset.go	73.73% <0.00%> (-2.03%)	⬇️
modules/notification/mail/mail.go	36.27% <0.00%> (-1.97%)	⬇️
modules/log/event.go	59.90% <0.00%> (-1.89%)	⬇️
modules/queue/workerpool.go	54.58% <0.00%> (-0.39%)	⬇️
modules/queue/unique_queue_disk_channel.go	48.63% <0.00%> (+1.36%)	⬆️
services/gitdiff/gitdiff.go	73.90% <0.00%> (+1.41%)	⬆️
services/pull/patch.go	55.93% <0.00%> (+1.69%)	⬆️
services/pull/check.go	28.27% <0.00%> (+2.75%)	⬆️
services/pull/temp_repo.go	29.78% <0.00%> (+3.19%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update dfa18a8...c0b7658. Read the comment docs.