Create a new job "Post-Build" which implements issue, this encompasses all post-build tasks. To this job we will then run a new job "Sign-SBOM" on the "signing node", with the available RSA key.

• Compiles and build TemurinSignSBOM
• Signs and Verifies SBOM Signature

Publishes Artifacts:

• Signed SBOM artifact

Tasks:

• Verify Adoptium GPG to PEM conversion is feasible and work for Public key verification #1105
• Request Adoptium PEM private&public key pair from EF, request
• Implement a new Sign-JSON type job for secure signing of SBOM json using an EF PEM/signService temurin-build#3946
• Create new Post-Build job, and a new Sign-SBOM job using TemurinSignSBOM