The upgrade to RPM 6.0 has been proposed for Fedora Linux 43, which comes with all kinds of interesting implications. The biggest thing to affect us based on @pmatilai's Change document is switching to "default on" for PGP signature verification.
This means that for kiwi, if we don't propagate our rpm-check-signatures defaults, there will be unexpected surprises in build system environments where unsigned packages are consumed for image builds (e.g. image builds in CentOS CBS Koji, maybe also OBS?).
It seems the way to handle this would be to propagate %_pkgverify_level based on our settings. This macro already exists since RPM 4.15 and in RPM < 6.0 is set to digest, but RPM 6.0 will change it to all (meaning both checksums and PGP signatures will be verified). Our rpm-check-signatures flag should propagate digest for false and all for true. This will make things reasonably consistent and avoid weird surprises.
The only distribution that we still support that doesn't recognize this macro is SLE 15, as that has RPM 4.14. In that case, this macro will have no effect, so I think it should be fine to unconditionally express this setting.
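An added example (not kiwi's own code) of the propagation proposed above: map rpm-check-signatures to the %_pkgverify_level value and flag the RPM 4.14 case where the macro is ignored. The macro file path etc/rpm/macros.kiwi under the image root is an assumption; the 4.15 threshold is taken from the issue text.

```python
"""Derive %_pkgverify_level from a kiwi-style rpm-check-signatures flag.
Example code, not kiwi's own implementation."""
from pathlib import Path

# RPM 4.15 introduced %_pkgverify_level; RPM 4.14 (SLE 15) ignores it.
MACRO_INTRODUCED = (4, 15)


def parse_rpm_version(version: str) -> tuple:
    """Turn '4.14.3' or '6.0.0-1.fc43' into a comparable int tuple."""
    parts = []
    for piece in version.split("-")[0].split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def pkgverify_level(check_signatures: bool) -> str:
    """true -> 'all' (digests and PGP signatures), false -> 'digest' only."""
    return "all" if check_signatures else "digest"


def macro_line(check_signatures: bool) -> str:
    """The single line to drop into an rpm macros file."""
    return f"%_pkgverify_level {pkgverify_level(check_signatures)}\n"


def macro_is_honoured(rpm_version: str) -> bool:
    """False on RPM < 4.15, where the setting has no effect at all."""
    return parse_rpm_version(rpm_version) >= MACRO_INTRODUCED


def write_macro(root: Path, check_signatures: bool) -> Path:
    """Write the macro into the image root so rpm in the chroot sees it.
    The file name macros.kiwi is a hypothetical choice for this example."""
    target = root / "etc" / "rpm" / "macros.kiwi"
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(macro_line(check_signatures))
    return target


if __name__ == "__main__":
    for ver in ("4.14.3", "4.15.1", "6.0.0-1.fc43"):
        state = "honoured" if macro_is_honoured(ver) else "ignored"
        print(f"RPM {ver}: {macro_line(False).strip()} is {state}")
```

Writing the macro unconditionally is safe because an RPM 4.14 host simply never reads it, which is exactly the SLE 15 behaviour described above.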