We have to do this because gpg.conf doesn't understand tilde or
environment variable expansion in the configuration file, and the only
reliable way to make the ca-cert-file option work between different
implementations of gpg(1) and its cURL link is to explicitly specify the
path to the CA file.
This is probably a better approach than installing the thing as a
trusted system CA anyway, which requires root privileges that I don't
really want to assume anyone installing this has.
I'm also including the CA, CRL, and .pem for the SKS keyservers in this
commit. This seems a lesser evil than trying to pull them with cURL or
wget at make(1) time.