roles/openwrt-image: Pin the LEDE release signing key

This addresses a security issue where an attacker with a key that GnuPG
considers valid (but doesn't claim to be LEDE's) can get their signature
accepted on malicious files.

This should also solve the issue equinox had with key validity.