Remove false positives from reported verification script failures.

The verification script [1] could use some improvement.

First, the script should not attempt SHA1 or MD5 verification for the ASC files [2].

Second, in my environment at least (Linux), the script will report RAT failures regarding PNG files [3].

Note that the first two issues may be eliminated by appending .asc$ and .png$ to the regular expression on lines 41 and 51 in verify_staged_release.sh. For example:

for i in `find ${DOWNLOAD}/${STAGING} -type f | egrep -v
'.md5$|.sha1$|index.html|maven-metadata.xml|.asc$|.png$'

Finally, there is at least one known case (org.apache.aries.transaction.jdbc) where the verification script will download the SHA1 and MD5 files but not the main file (HTML) which causes failures [4].

[1] http://aries.apache.org/development/verifyingrelease.html

[2] http://mail-archives.apache.org/mod_mbox/aries-dev/201510.mbox/%3C1A0E2225-DA47-4AC3-857C-2F636CEFBCAD%40apache.org%3E

[3] http://mail-archives.apache.org/mod_mbox/aries-dev/201510.mbox/%3CCAE2GP%3DzsXs%2BMMbv_4HskZqm2LEn-htf%3D9J%3D65K%2BDksUQBwiuqQ%40mail.gmail.com%3E

[4] http://mail-archives.apache.org/mod_mbox/aries-dev/201605.mbox/%3CCAA66TpomKFs-zf-QDXstOBc3jVbVxh7koPxRDtOAPKB-sRoYNg%40mail.gmail.com%3E