Ensure that repo info and signing keys are distributed securely #2

Open
daikema opened this issue Jun 25, 2018 · 0 comments
Labels: enhancement (New feature or request)

Comments
daikema commented Jun 25, 2018

In the yum output (after installing the UMD-4 repo RPM) I see:

```
Retrieving key from http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
Importing GPG key 0x3CDBBC71:
 Userid     : "EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>"
 Fingerprint: d12e 9228 22be 64d5 0146 188b c32d 99c8 3cdb bc71
 From       : http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
```

and

```
Retrieving key from http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
Importing GPG key 0x96B71B07:
 Userid     : "Kostas Koumantaros (UMD Release Manager) <kkoum@grnet.gr>"
 Fingerprint: 32ad 8d80 fa5a 89b5 3dc5 de93 6799 de16 96b7 1b07
 From       : http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
```

i.e., both of these are unencrypted channels, which limits the ability of keys housed there to verify the integrity of packages signed by them.

Also, on both an Ubuntu 18.04 install with latest updates and a CentOS 7 install with latest updates, the key for repository.egi.eu appears untrusted by the default trust bundle (although it is trusted by my Chrome install on the Ubuntu 18 desktop I tested from).

```
--2018-06-25 11:23:04--  https://repository.egi.eu/sw/production/umd/4/centos7/x86_64/updates/umd-release-4.1.3-1.el7.centos.noarch.rpm
Resolving repository.egi.eu (repository.egi.eu)... 195.251.53.182, 2001:648:2030:6000::182:182
Connecting to repository.egi.eu (repository.egi.eu)|195.251.53.182|:443... connected.
ERROR: cannot verify repository.egi.eu's certificate, issued by 'CN=TERENA SSL CA 3,O=TERENA,L=Amsterdam,ST=Noord-Holland,C=NL':
  Unable to locally verify the issuer's authority.
To connect to repository.egi.eu insecurely, use `--no-check-certificate'.
```
brucellino self-assigned this Jun 27, 2018
brucellino added the enhancement (New feature or request) label Jun 27, 2018
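The concern in the issue is that a key fetched over plain HTTP can be swapped in transit, so the only thing that makes a later `rpm --checksig` meaningful is comparing the imported key against a fingerprint obtained out of band. The script below is an added example, not code from the issue or from the UMD project: it parses the `Importing GPG key` records that yum prints (the sample input is a constructed copy of the transcript quoted above), checks that each key was retrieved over HTTPS, checks that the short key ID is consistent with the full fingerprint, and compares the fingerprint against a pinned value. The `PINNED` table is an assumption for illustration, populated with the fingerprints shown in the issue; in practice it would hold fingerprints obtained from a trusted channel rather than from the same HTTP download.

```python
"""Audit 'Importing GPG key' records from a yum transcript against pinned fingerprints.

Added example; not part of the original issue or the UMD project.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption for illustration: short key ID -> expected full fingerprint, obtained
# out of band. Values here are simply those quoted in the issue text.
PINNED = {
    "3CDBBC71": "D12E 9228 22BE 64D5 0146 188B C32D 99C8 3CDB BC71",
    "96B71B07": "32AD 8D80 FA5A 89B5 3DC5 DE93 6799 DE16 96B7 1B07",
}

# Constructed sample input: a copy of the yum output quoted in the issue.
SAMPLE_YUM_OUTPUT = """\
Retrieving key from http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
Importing GPG key 0x3CDBBC71:
 Userid     : "EUGridPMA Distribution Signing Key 3 <info@eugridpma.org>"
 Fingerprint: d12e 9228 22be 64d5 0146 188b c32d 99c8 3cdb bc71
 From       : http://repository.egi.eu/sw/production/cas/1/GPG-KEY-EUGridPMA-RPM-3
Retrieving key from http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
Importing GPG key 0x96B71B07:
 Userid     : "Kostas Koumantaros (UMD Release Manager) <kkoum@grnet.gr>"
 Fingerprint: 32ad 8d80 fa5a 89b5 3dc5 de93 6799 de16 96b7 1b07
 From       : http://repository.egi.eu/sw/production/umd/UMD-RPM-PGP-KEY
"""

KEY_RE = re.compile(r"Importing GPG key 0x([0-9A-Fa-f]{8}):")
FIELD_RE = re.compile(r"^\s*(Userid|Fingerprint|From)\s*:\s*(.*)$")


@dataclass
class KeyImport:
    keyid: str        # 8 hex chars, upper case
    userid: str
    fingerprint: str  # 40 hex chars, upper case, spaces removed
    source: str       # URL the key was retrieved from


def normalize_fp(value: str) -> str:
    """Canonical fingerprint form so pinned and observed values compare reliably."""
    return value.replace(" ", "").upper()


def parse_key_imports(text: str) -> list[KeyImport]:
    """Extract one KeyImport per 'Importing GPG key' block in a yum transcript."""
    records: list[dict] = []
    current = None
    for line in text.splitlines():
        m = KEY_RE.search(line)
        if m:
            current = {"keyid": m.group(1).upper(), "userid": "", "fingerprint": "", "source": ""}
            records.append(current)
            continue
        if current is None:
            continue
        f = FIELD_RE.match(line)
        if not f:
            continue
        name, value = f.group(1), f.group(2).strip()
        if name == "Userid":
            current["userid"] = value.strip('"')
        elif name == "Fingerprint":
            current["fingerprint"] = normalize_fp(value)
        elif name == "From":
            current["source"] = value
    return [KeyImport(**r) for r in records]


def audit(imports: list[KeyImport], pinned: dict = PINNED) -> list[tuple[str, list[str]]]:
    """Return (keyid, problems) per import; an empty problem list means the key passed."""
    report = []
    for k in imports:
        problems = []
        scheme = urlparse(k.source).scheme.lower()
        if scheme != "https":
            # Cleartext retrieval: an on-path attacker could substitute the key.
            problems.append(f"key fetched over {scheme or 'unknown'} rather than https: {k.source}")
        # The short key ID is the low 32 bits of the fingerprint; mismatch means the
        # transcript is inconsistent or was altered.
        if len(k.fingerprint) != 40 or not k.fingerprint.endswith(k.keyid):
            problems.append("short key id does not match full fingerprint")
        expected = pinned.get(k.keyid)
        if expected is None:
            problems.append("key id not in pinned set")
        elif normalize_fp(expected) != k.fingerprint:
            problems.append("fingerprint differs from pinned value")
        report.append((k.keyid, problems))
    return report


if __name__ == "__main__":
    for keyid, problems in audit(parse_key_imports(SAMPLE_YUM_OUTPUT)):
        status = "OK" if not problems else "FAIL"
        print(f"{keyid}: {status}")
        for p in problems:
            print(f"  - {p}")
```

Run against the transcript from the issue, both keys fail only the transport check, which is exactly the point being raised: the fingerprints are internally consistent, but nothing about an HTTP fetch proves they are the real ones. Once the keys are served over HTTPS with a chain the default trust store accepts, the same audit passes cleanly, and a substituted key would be caught by the fingerprint comparison.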