Fix GPG verify path for staged release artifacts

Use absolute artifact paths in the GPG verification step of
devops/release/cloudberry-release.sh.

Previously, the script verified SHA-512 using an absolute path but
called `gpg --verify` with relative file names. When running with
`--repo` from a different working directory, this could fail with
"No such file or directory" even though the `.asc` file existed in
the artifacts directory.

This change aligns the GPG verify command with the SHA-512 check by
verifying:
  $ARTIFACTS_DIR/${TAR_NAME}.asc
against:
  $ARTIFACTS_DIR/$TAR_NAME

No behavior change for successful local runs besides making path
resolution robust.

Author: tuhaihe

devops/release/cloudberry-release.sh

@@ -677,7 +677,7 @@ section "Staging release: $TAG"
   section "Verifying GPG Signature ($ARTIFACTS_DIR/${TAR_NAME}.asc) Release Artifact"
 
   if [[ "$SKIP_SIGNING" != true ]]; then
-    gpg --verify "${TAR_NAME}.asc" "$TAR_NAME"
+    gpg --verify "$ARTIFACTS_DIR/${TAR_NAME}.asc" "$ARTIFACTS_DIR/$TAR_NAME"
   else
     echo "INFO: Signature verification skipped (--skip-signing). Signature is only available when generated via this script."
   fi