@bastimeyer bastimeyer commented Jan 8, 2023

Follow-up of #5077


As said, I don't have the password for the signing key, so I can't actually test the changes to the gpg decryption command. That's just a trivial change though, and it reads the passphrase from stdin now, which is the preferred way. Just take a look at the manual.
https://man.archlinux.org/man/gpg.1#passphrase-fd

I've messaged @beardypig and asked him to post the password to the protonmail account, as a backup.


The second change is in regard to the PyPI deploy script.

The current authentication method when uploading release files to PyPI is password based. This will change it to a token-based authentication, with different env vars. I will add those to the secret env vars after this has been merged. The token has been sent to the protonmail mailbox.
https://twine.readthedocs.io/en/latest/index.html#configuration

I've also removed inactive collaborators from the PyPI package and made 2FA a requirement. Since the streamlink account doesn't have 2FA enabled, this account is now unable to make modifications to the package. This shouldn't affect the upload token, I hope.
https://pypi.org/help/#apitoken

There's a slight chance that these changes will cause issues with the next release, so we'll have to see.
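
The two changes described in this pull request, sketched as an added shell example; it is not the project's deploy script or code from this PR. The function names and the `SIGNING_KEY_PASSPHRASE` and `PYPI_API_TOKEN` variable names are assumptions.

```shell
# Added illustration; the function names and the SIGNING_KEY_PASSPHRASE and
# PYPI_API_TOKEN variable names are assumptions, not Streamlink's.

# Usage: decrypt_signing_key ENCRYPTED_FILE OUTPUT_FILE
# printf is a shell builtin, so the passphrase crosses a pipe to gpg's fd 0
# and never shows up in any process's argv (ps, /proc/<pid>/cmdline).
decrypt_signing_key() {
  if [ -z "${SIGNING_KEY_PASSPHRASE:-}" ]; then
    echo "error: SIGNING_KEY_PASSPHRASE is not set" >&2
    return 2
  fi
  # --batch plus --pinentry-mode loopback are what make GnuPG >= 2.1 honour
  # --passphrase-fd. Because fd 0 carries the passphrase, the ciphertext
  # has to be given as a file argument, not piped in.
  printf '%s\n' "$SIGNING_KEY_PASSPHRASE" |
    gpg --batch --quiet --yes --pinentry-mode loopback --passphrase-fd 0 \
        --output "$2" --decrypt "$1"
}

# Usage: upload_with_token dist/*
# PyPI API tokens are used with the fixed username __token__ and the token
# (it starts with "pypi-") as the password; twine reads both from these
# environment variables.
upload_with_token() {
  case "${PYPI_API_TOKEN:-}" in
    pypi-?*) ;;
    *) echo "error: PYPI_API_TOKEN is missing or is not an API token" >&2
       return 2 ;;
  esac
  TWINE_USERNAME="__token__" TWINE_PASSWORD="$PYPI_API_TOKEN" \
    twine upload --non-interactive "$@"
}
```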

@gravyboat gravyboat merged commit de5bda8 into streamlink:master Jan 8, 2023
@bastimeyer bastimeyer deleted the build/deploy-auth branch January 8, 2023 20:05