build: Rename GPG_FILE to DETACHED_SIG_FILE

This is just a semantic cleanup -- we have multiple files that are
OpenPGP signatures.  And while we're probably making signatures with
GnuPG, they can be verified with any OpenPGP implementation, so "GPG_"
is arguably both not specific enough, and overly-specific.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>