[Security] Repository is vulnerable to MavenGate #283

@Nek-12

https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/

Gradle task

./gradlew --write-verification-metadata pgp,sha256 --export-keys

did not find a PGP public key in a remote repository, or the artifact is not signed.

      <component group="org.burnoutcrew.composereorderable" name="reorderable" version="0.9.6">
         <artifact name="reorderable-0.9.6.module">
            <sha256 value="6b0ea0074dede0a0b0f360d0e064dcb36f3c372a78684c2468a4419a1c443d3d" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
         </artifact>
         <artifact name="reorderable-metadata-0.9.6.jar">
            <sha256 value="65721657da7a1d6b27e0ef0a6ba4dcdbd1a5735529ff648a45e806452b8f54fa" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
         </artifact>
      </component>
      <component group="org.burnoutcrew.composereorderable" name="reorderable-jvm" version="0.9.6">
         <artifact name="reorderable-jvm-0.9.6.jar">
            <sha256 value="f8d71d56212ccf4b3f8c74ed01b371238237adfddc3e9dd957fdaf5a7221cad5" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
         </artifact>
         <artifact name="reorderable-jvm-0.9.6.module">
            <sha256 value="a49e25d74390f3a4106d176d247851d19eae04c44c6709ebabad71df6ddc1937" origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
         </artifact>
      </component>

A fix is to:

  1. Start signing all artifacts, if not signed yet
  2. Upload the public PGP key used for signing artifacts to multiple public PGP key repositories: https://keys.openpgp.org | https://pgp.mit.edu | https://keyserver.ubuntu.com/
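As an added example that is not part of this issue or of the reorderable project: a small audit script that scans the verification-metadata.xml Gradle writes and lists every artifact pinned only by a checksum with the "A key couldn't be downloaded" reason, i.e. the entries shown above. The sample document is constructed; its first component copies the issue's entries, while the `com.example.hypothetical` component and its `<pgp>` trusted-key element are a made-up contrast case.

```python
"""Flag dependencies in a Gradle verification-metadata.xml that Gradle could
only pin by checksum because no PGP key was available (the MavenGate symptom:
the build trusts bytes it saw once, not a publisher key)."""
import xml.etree.ElementTree as ET

# Constructed sample: the first component mirrors the issue; the second is a
# hypothetical library that carries a trusted key, for comparison.
SAMPLE_XML = """<verification-metadata xmlns="https://schema.gradle.org/dependency-verification">
  <components>
    <component group="org.burnoutcrew.composereorderable" name="reorderable" version="0.9.6">
      <artifact name="reorderable-0.9.6.module">
        <sha256 value="6b0ea0074dede0a0b0f360d0e064dcb36f3c372a78684c2468a4419a1c443d3d"
                origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
      </artifact>
      <artifact name="reorderable-metadata-0.9.6.jar">
        <sha256 value="65721657da7a1d6b27e0ef0a6ba4dcdbd1a5735529ff648a45e806452b8f54fa"
                origin="Generated by Gradle" reason="A key couldn't be downloaded"/>
      </artifact>
    </component>
    <component group="com.example.hypothetical" name="signed-lib" version="1.0.0">
      <artifact name="signed-lib-1.0.0.jar">
        <pgp value="0000000000000000000000000000000000000000"/>
      </artifact>
    </component>
  </components>
</verification-metadata>"""
FALLBACK_REASON = "A key couldn't be downloaded"
CHECKSUM_TAGS = {"md5", "sha1", "sha256", "sha512"}

def _local(tag):
    """Drop the {namespace} prefix so matching works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_key_fallbacks(xml_text):
    """Return (group, name, version, artifact) for every artifact whose only trust
    anchor is a checksum Gradle generated because the signing key was unavailable."""
    hits = []
    for comp in ET.fromstring(xml_text).iter():
        if _local(comp.tag) != "component":
            continue
        coords = (comp.get("group"), comp.get("name"), comp.get("version"))
        for art in comp:
            if _local(art.tag) != "artifact":
                continue
            has_key = any(_local(c.tag) == "pgp" for c in art)
            fell_back = any(_local(c.tag) in CHECKSUM_TAGS
                            and c.get("reason") == FALLBACK_REASON for c in art)
            if fell_back and not has_key:
                hits.append(coords + (art.get("name"),))
    return hits
```

Run it against the real `gradle/verification-metadata.xml` of a project to get the list of group ids whose publishers need to start signing or re-publish their keys; the two reorderable artifacts above are exactly what it reports for this sample.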
