Improve Signing artifacts for deployment, and update also website signing topic

The current page on our website concerning signing, http://incubator.apache.org/uima/distribution.html, says to use the script in uimaj-distr / ... / build / signRelease . xxx to sign the release. This runs gpg and uses that to generate the md5 and sha1 hashes, which are in the wrong format (per discussion the incubator general mailing list).

Remove this signing script (because signing is now done from maven), and update our signing page to indicate how signing is now done.

The uimaj-distr / ... /build/extractAndBuild script, if passed the -deploy switch, will turn on the gpg signing phase; this is configured in the uimaj pom. This will do a gpg signing of the artifacts for all things that are built as part of the packaging phase for all "child" poms.

It's unclear how the md5 and sha1 checksums are generated for the deploy to maven repositories. Inspecting the current repo at http://people.apache.org/repo/m2-incubating-repository/org/apache/uima/ shows md5 and sha1 checksums being applied to the gpg signatures, which is incorrect. Fix / automate this process, to occur as part of the maven lifecycle when signing is asked for. Make this work also for the Eclipse update site.