I think this commit lacks a bit of documentation. Users should be made aware of this fact, admins as well as "consumers" of guix publish.
It's a nice feature. Until now I served the signing key as a file via nginx from the webroot. Now I guess I only need a redirect (or maybe not)...
