Arch Linux: Add note on lsign-key

Related Issue:
https://gitlab.archlinux.org/archlinux/archlinux-docker/-/issues/18

archlinux/content.md

@@ -21,6 +21,8 @@ This image is intended to serve the following goals:
 -	`pacman` needs to work out of the box
 -	All installed packages have to be kept unmodified
 
+> ⚠️⚠️⚠️ NOTE: For Security Reasons, these images strip the pacman lsign key. This is because the same key would be spread to all containers of the same image, allowing for malicious actors to inject packages (via, for example, a man-in-the-middle). In order to create an lsign-key run `pacman-key --init` on the first execution, but be careful to not redistribute that key. ⚠️⚠️⚠️
+
 ## Availability
 
 Root filesystem tarballs are [provided by our GitLab](https://gitlab.archlinux.org/archlinux/archlinux-docker/-/releases) for at least two months.