docs/howto: update invocation for signing assets

Currently, we tell the maintainer to specifically ensure the absence of
the sha256sums.asc file before generating a file to sign. However, we
don't tell the user about the Windows assets tarball that we've built as
part of our Windows build process.

Instead of telling a potentially harried maintainer to be sure to do
something, let's help them out by providing a command in the
documentation that does the right thing so they can just copy and paste.

Additionally, let's pass the -b option to shasum, so that Windows
systems will read the file in binary mode, which makes verification
easier for Windows users.
brian m. carlson 2019-02-21 20:33:47 +00:00
parent 77b6364996
commit cb2726f19b
No known key found for this signature in database
GPG Key ID: 2D0C9BC12F82B3A1

@ -130,12 +130,11 @@ equal to 0, we say that we are releasing a MINOR version of Git LFS, in the
following:
```ShellSession
$ (cd bin/releases && shasum -a256 * | gpg --digest-algo SHA256 --clearsign >sha256sums.asc)
$ (cd bin/releases && \
shasum -a256 -b * | grep -vE '(assets|sha256sums)' | \
gpg --digest-algo SHA256 --clearsign >sha256sums.asc)
```
Note that if the sha256sums.asc file exists, you must remove it first so
the old version doesn't get written into the new file.
6. Run `script/upload` with the tag name and the file containing the changelog
entries for this version (not `CHANGELOG.md`, which has all versions). This
will create a new GitHub release and upload all the assets, giving them the
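Review bot: The filter `grep -vE '(assets|sha256sums)'` in the new signing command is unanchored, so it drops every shasum output line whose filename contains either substring anywhere, and a release artifact named that way would be left out of the signed sha256sums.asc without any error. Consider anchoring the pattern to the filename field at the end of the line for the exact names to skip, or excluding those files before they reach shasum, so the manifest can only lose the files it is meant to lose. Separately, the status of the pipeline is gpg's, so a shasum failure partway through still produces a validly signed but incomplete list; a short instruction to compare the entries in sha256sums.asc against the contents of bin/releases before uploading would catch both cases.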