An https connection ensure that you're connected to the real Central but it doesn't tell you anything about where the artifacts originally came from. Those artifacts are uploaded by large numbers of developers. If any one of them had their password stolen, malicious artifacts could end up being uploaded. PGP offers two extra qualities: firstly, it is harder to steal a PGP key than to steal a password. Secondly, in case of a security breach, a PGP key can be revoked.
Of course, you're not accessing Central directly - you're going via a local proxy. Use of PGP means that you don't need to trust that proxy, and you can verify the PGP signatures yourself.
As an aside, for security in depth, SSL access to Central is available, for a small token payment: https://blog.sonatype.com/people/2012/10/now-available-ssl-connectivity-to-central/ .