Add missing parameters for generating signature

[jiangzm]

There is an inconsistency in how qbuild uses the GPG keyring across different commands.

The following commands already use the configured GPG keyring file QDK_GPG_PUBKEYRING:

• --import-key
• --list-keys
• --verify

However, the following signing commands were still using the default GPG keyring:

• --sign
• --add-sign

This could cause signing and verification to use different keyrings, leading to unexpected signature issues.

Changes
This update adds the following options to the GPG signing flow used by --sign and --add-sign:

• --no-default-keyring
• --keyring $QDK_GPG_PUBKEYRING

Result
With this change, all related GPG operations now consistently use the configured keyring file, which:

aligns the behavior of import, list, verify, sign, and add-sign
avoids mismatches between signing and verification
makes GPG handling in qbuild more predictable and consistent

[jiangzm]

+ fix: remove command missed deleting encryption program

[edhongcy]

I found one risk worth addressing before merge:

• In shared/bin/qbuild, the new --no-default-keyring --keyring $QDK_GPG_PUBKEYRING flow can make gpg fail more often in --add-sign. Right now eval $gpg_cmd || warn_msg ... only prints a warning in non-strict mode, and the script still continues into add_qdk_area_signature and rewrites the QPKG. If the signer key is missing from the configured keyring, the keyring path is wrong, or the keyring file does not exist, this path can leave a broken package behind.

Suggested improvements:

• Make --add-sign fail fast when gpg does not generate ${qpkg}.sig, instead of continuing the rewrite path.
• Update the help text and manpage for --sign and --add-sign to mention that signing now depends on QDK_GPG_PUBKEYRING, because the current docs still say the default behavior is to use the first key from the secret keyring.
• Optionally split the InstallToUbuntu.sh cleanup change into a separate PR or explain it in the PR description, since it looks unrelated to the GPG keyring change.

The direction of the fix makes sense overall. I mainly want to avoid a signing failure turning into a corrupted output file and make the new behavior easier for users to discover.