This project is archived. Its data is read-only.

Transition smoothly away from Erinn's signing key for the coming releases

We should find a good transition away from Erinn's signing key. There are already different proposals on the table with different kinds of efforts involved:

  1. Move on to a different key of one of the Tor people.
  2. Move away from single points of failure and use the sha256sums verification we already describe on https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification
  3. Create a role key for signing the bundles, so as not to be dependent on single people being available to sign the release.

...
