Looks like EdDSA support landed in RPM in 2020 and it works on TW (with sha256 only, https://github.com/rpm-software-management/rpm/issues/1877 is missing). It doesn't work on Leap though, so either that would have to be backported (https://github.com/rpm-software-management/rpm/pull/1202 at least) or we'd have to deal with RSA a bit longer. IMO it's better to keep RSA 2048 for a a bit longer and then switch to ECC directly instead of switching to RSA 4096 now (and maybe switch to ECC in the future).