Update Readme section on verifying signatures

EDIT:

We now generate detached signatures for all release lines. There is no documentation on how to verify this. An update to the Readme would be great!

Original

The current process for verifying releases is outputting a warning

gpg: Signature made Thu May  5 17:56:43 2016 CDT using RSA key ID 4C206CA9
gpg: Good signature from "Evan Lucas <evanlucas@me.com>" [ultimate]
gpg:                 aka "Evan Lucas <evanlucas@keybase.io>" [ultimate]
gpg: WARNING: not a detached signature; file 'SHASUMS256.txt' was NOT verified!

A script to verify and output is included in this gist