SIGNSERVER-2009 tracks creating a new key pair with a post-quantum part, which we are going to use to sign RPMs. As soon as this key has been created (at the moment, targeted for early October, although we'll certainly try to get it done earlier if we can), it should be packaged in redhat-release similar to the existing /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release key, ideally with an automated mechanism that imports the PQC key into users' keyrings (if that's something we typically do by default, I don't know how exactly this is set up).

This is a prerequisite for signing of RPMs with this post-quantum signing key.

Note: Due to the complexity of this task, including infrastructure and pipeline changes, the CentOS Stream release of this might not happen at the same time as it does in RHEL.