Add SBOM jsf signing to openjdk_build_pipeline.groovy #1131

Draft
wants to merge 1 commit into
base: master

@Haroon-Khel (Contributor) commented Oct 30, 2024

ref adoptium/temurin-build#3946

Code to run the (incomplete) https://ci.adoptium.net/job/build-scripts/job/release/job/sign_temurin_jsf/ job which signs the SBOM using https://github.com/adoptium/temurin-build/blob/master/cyclonedx-lib/sign_src/TemurinSignSBOM.java

On line 1866 it should archive the temurin-sign-sbom.jar so that it can be used later to sign the SBOM on the Eclipse worker node. The artifact should get copied over during the sign_temurin_jsf job.

Lines 1057 to 1094 are just the gpgSign() function repeated for the sign_temurin_jsf job.

This PR goes together with adoptium/temurin-build#4017.


Thank you for creating a pull request!

Please check out the information below if you have not made a pull request here before (or if you need a reminder how things work).

Code Quality and Contributing Guidelines

If you have not done so already, please familiarise yourself with our Contributing Guidelines and Code Of Conduct, even if you have contributed before.

Tests

GitHub Actions will run a set of jobs against your PR that will lint and unit test your changes. Keep an eye out for the results from these on the latest commit you submitted. For more information, please see our testing documentation.

Running the advanced pipeline tests (executing a set of mock pipelines) requires an admin to post "run tests" on this PR.
If you are not an admin, please ask for one's attention in #infrastructure on Slack or ping one here.
To run the full set of tests, use "run tests"; to run a subset of tests on specific JDK versions, use "run tests quick 11,21".

@sophia-guo (Contributor)

Could this be done at the post-build stage? Initially we tried to do this in the post stage, i.e. to sign all SBOM files at the post stage, but it was blocked due to the PEM issue. https://github.com/adoptium/ci-jenkins-pipelines/pull/739/files
