pom: add profile to sign artifacts

Motivation:
The are many reasons why we should sign our artifacts. The main two are:

  - allow library users to verify who have release the jars
  - maven central accepts only signed artifacts (and this is the goal)

Modification:
Add profile that will be activated by maven release plugin or manually
with `-P sign-artifacts` option.

Result:
produced artifacts will be released.

Acked-by: Jürgen Starek
Target: master, 3.1
(cherry picked from commit 6cd0cab)
Signed-off-by: Tigran Mkrtchyan <[email protected]>

Author: kofemann

pom.xml

@@ -322,4 +322,37 @@
       </snapshotRepository>
   </distributionManagement>
 
+  <profiles>
+      <profile>
+          <id>sign-artifacts</id>
+          <activation>
+              <property>
+                  <name>performRelease</name>
+                  <value>true</value>
+              </property>
+          </activation>
+          <build>
+              <plugins>
+                  <plugin>
+                      <groupId>org.apache.maven.plugins</groupId>
+                      <artifactId>maven-gpg-plugin</artifactId>
+                      <version>1.6</version>
+                      <configuration>
+                          <passphrase>${gpg.passphrase}</passphrase>
+                      </configuration>
+                      <executions>
+                          <execution>
+                              <id>sign-artifacts</id>
+                              <phase>verify</phase>
+                              <goals>
+                                  <goal>sign</goal>
+                              </goals>
+                          </execution>
+                      </executions>
+                  </plugin>
+              </plugins>
+          </build>
+      </profile>
+    </profiles>
+
 </project>