releng: able to use gnupg default keys for signing

Git and our previous "must specify one keyid" approach is more
constraining than GnuPG allows; cleanest and simplest way, without
breaking support for people with multiple keys and such like, is to just
provide a way to break out of our logic and say "use the configured
default GnuPG keys".

My PGP key has multiple signing subkeys, one RSA and one Ed25519; I
think I might try a dual-signature in an upcoming RC to see how many
people scream with broken OpenPGP clients.