[Feature request] Display repository GPG key (signed-by) in Software Sources

[Bastien-Boucherat]

Since APT now recommends per-repository GPG keys using the signed-by= directive (stored in /usr/share/keyrings/), the Software Sources tool no longer shows any authentication keys, even though they are correctly configured and used by APT.

This can be confusing for users, especially those who added third-party repositories manually and want to audit or verify their system configuration.

Suggested improvement
For each enabled repository, display (read-only):

• GPG key file used (signed-by=…)
• Key fingerprint (optional)
• Key location (/usr/share/keyrings/…)
• Status (key present / missing)
  This information could be shown in an “Advanced” or “Details” view to keep the UI simple for non-technical users.

Benefits

• Improves transparency and trust in third-party repositories
• Aligns the GUI with modern APT security practices
• Helps users audit and reproduce clean system installations
• Reduces confusion caused by the now-empty “Authentication keys” section

Cheers