Bug
Resolution: Done
Normal
2022-Q3
In subscription.py we are creating yum repo files so that we can download subscription-manager and related packages from UBI. The repo files set gpgcheck=0, but we should set gpgcheck=1 instead.
This is not easily exploitable, since we also hardcode the https URL to the UBI repos, so an attacker would have to have access to our CDN in order to upload malicious packages.
The related Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2086827
Setting gpgcheck to 1 does not enable package signature verification when downloading packages from the repos; it enables it when installing packages from the repos directly. That's what we need to do under RHELC-601.
Acceptance criteria:
- the three repo files declared in https://github.com/oamg/convert2rhel/blob/v0.25/convert2rhel/subscription.py#L34 (_CENTOS_6_REPO_CONTENT, _UBI_7_REPO_CONTENT, _UBI_8_REPO_CONTENT) have gpgcheck=1, so that packages installed from them have their signatures verified
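As an added illustration (not convert2rhel's own code), a small audit of yum .repo content that flags the weak setting described above and accepts the corrected one; the repo id, URL and key path in the samples are constructed placeholders.

```python
import configparser

# Constructed sample .repo contents modelled on the ticket (not convert2rhel's
# own repo file templates). Repo id, URL and key path are placeholders.
WEAK_REPO = """\
[ubi-8-baseos]
name=UBI 8 BaseOS (constructed sample)
baseurl=https://cdn.example.invalid/ubi8/$basearch/baseos/os
enabled=1
gpgcheck=0
"""
FIXED_REPO = """\
[ubi-8-baseos]
name=UBI 8 BaseOS (constructed sample)
baseurl=https://cdn.example.invalid/ubi8/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
"""

def audit_repo_file(text):
    """Return [(repo_id, problem), ...] for every enabled repo in a .repo file.

    gpgcheck controls verification at install time, not at download time,
    so a repo with gpgcheck=0 lets yum install whatever the mirror serves.
    An absent gpgcheck inherits the [main] default, which is 0 unless the
    system yum.conf sets it, so it is treated as unverified here.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo.get("enabled", "1") == "0":
            continue  # never installed from, so no signature risk
        if repo.get("gpgcheck", "0") != "1":
            findings.append((repo_id, "gpgcheck is not 1: packages installed from this repo are not signature-verified"))
        elif not repo.get("gpgkey"):
            findings.append((repo_id, "gpgcheck=1 but no gpgkey: there is no trusted key to verify against"))
        # The ticket relies on a hardcoded https URL as the only remaining
        # safety net; flag any baseurl that drops transport protection.
        for url in repo.get("baseurl", "").split():
            if url.startswith("http://"):
                findings.append((repo_id, "baseurl uses plain http"))
    return findings

if __name__ == "__main__":
    print("weak :", audit_repo_file(WEAK_REPO))
    print("fixed:", audit_repo_file(FIXED_REPO))
```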
Relates to: RHELC-601 Install subscription-manager directly through yum (Closed)