Update git-changelist-maven-extension from 1.5 to 1.6

[NotMyFault]

• Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
• Ensure that the pull request title represents the desired changelog entry
• Please describe what you did
• Link to relevant issues in GitHub or Jira
• Link to relevant pull requests, esp. upstream and downstream changes
• Ensure you have provided tests - that demonstrates feature works or fixes the issue

[NotMyFault]

I wonder if it makes sense to publish releases automatically, similar to other infra-related components, like the ATH. Pinging Jesse every time to ask for a release makes me feel bad. Yet, I prefer people using up-to-date versions for hosting requests.

@jglick any opinions/concerns?

[jglick]

That would be great. Unfortunately this goes to Maven Central and requires my personal PGP signature and Nexus (OSSRH) credentials. sigstore/sigstore-maven#12

[NotMyFault]

We could

• create a jenkins-infra service account, we add to the release profile for archetypes at the central repository
• create a "jenkins-like" keypair for artifact signing

and publish archetypes from there.
Sonatype fetches keys from keyservers, they aren't tied to projects, unless you insist on continuing to use your personal key 👀

[jglick]

Yeah, we could. TBH it is easier for me to occasionally run a release script than to set up the transfer of credentials, but we can try if you want more frequent releases (sooner than Sonatype implements modern OIDC-based authentication).