Make this native to Helm?

Just tried this out for generating a provenance file, and appeared to work better than Helm's built-in provenance (at least w/ my key setup).

Does it make sense to add `sign` and `verify` subcommands directly in Helm?