Fix misleading core packaging metadata

[webknjaz]

Long description on PyPI mentions Python 2.4: https://github.com/vsajip/python-gnupg/blob/9b0399b4684a1f8d9e763c99c94cd9baed5ebc34/setup.cfg#L7C67-L7C77.
The Trove classifiers talk about Python 2.
But the change log says it's actually >= 2.7 that's supported.

It also talks about GPG signatures on GH, which is fine but it would be a good idea to publish native sigstore attestations that PyPI will actually display, including provenance info (#265).

The metadata should contain a requires_python entry. The sooner its added the better. The depresolvers don't know that they should avoid installing this projects on ancient Pythons. Also, once it's declared, resolvers will backtrack to older versions that don't have this piece of metadata.

universal = 1 must be dropped from https://github.com/vsajip/python-gnupg/blob/9b0399b4684a1f8d9e763c99c94cd9baed5ebc34/setup.cfg#L58C1-L58C14 as well. This is because it's being deleted and will break building from sdist/git quite soon.
Replace it with python_tag = py2.py3 (pypa/setuptools#4939).