Investigate/implement whether PGP/GPG verification/checking for downloader.py is required

jenkins-shared-library has some code for using pgp/gpg checks with downloading external resources. Do we need to integrate this into download.py? Investigate and implement if so.