See https://tails.boum.org/todo/Should_tails_publish_a_signed_copy_of_their_SSL_public_key_on_their_website/
If a signed text file containing the expected hash of the *.boum.org SSL certificate is available, GANDI SAS can get hacked all they want
The Tails gpg key that is used to sign .isos is able to be verified by means other than via an SSL website too (eg Debian developers have signed the key). If this .iso signing key is used to provide a signed copy of the websites SSL key (or a text file with the hash of the SSL certificate, the same hash you can view by clicking the SSL icon in your web browser) then it could all be verified once, and GANDI SAS could get hacked, or become unreliable, or government-backdoored and we would not be reliant on GANDI SAS
Please discuss
The goal of monkeysphere (also see our ?todo item) is to introduce the OpenPGP Web-of-Trust into the authentifocation process of certificates used in web browsing, among other protocols. You should have a look into it, because it does what you describe, but in an automated way.
The method you describe is IMHO a bit too ad-hoc. If people don't use monkeysphere (which pretty much is the case) I cannot see why people would want to use this even more awkward method.