Optimized on-upload package signing

[pedro-psb]

Is your feature request related to a problem? Please describe.
When doing on-upload signing (#3425), the file makes an extra round trip to be reachable by workers:

1. Unsigned Package is downloaded by API service as temporary uploaded file
2. Unsigned Package is uploaded to storage as PulpTemporaryFile
3. Unsigned Package is downloaded by worker, which then signs it
4. Signed Package is uploaded to worker and temporary Unsigned Package gets deleted

Describe the solution you'd like
Cut out steps 2 and 3, which can get quite costly for larger RPMs packages.

Describe alternatives you've considered

• Sign on API service (before getting to any worker), but that's not good as a general solution. Support for signing RPM Packages on upload (previously: Native obs-signd support for signing PULP hosted content) #2986 (comment)
• There was some discussion about this problem on a pulpcore meeting (see summary here).