GPG Sign <image>.tar and remove whitelist app from Scanning Pipeline

GPG sign the tar and not only the manifest in the scanning pipeline. Also remove the remnants of the white list app from the repo. Remove the whitelist directory and leave the csv generator and white list generator that is nested in a sub directory of the whitelist python dir.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information