* use fingerprint in GPG receive key instruction

It is pretty easy to make 32 bit key id's can be made to collide, to avoid
the issue is better to use key fingerprint receiving a key.  See reference
for extented explanation about this weakness in security.

Reference: https://evil32.com/

* add instructions how to check git tag signature

More people should routinely check signatures, so let's make it easy.