Add SSH commit signing for HEAD commits

[kausters]

Summary

Hi! This PR adds SSH commit signing support for GitUpKit user-facing HEAD commit flows. Repositories configured like the Git CLI with commit.gpgsign=true and gpg.format=ssh now create commits with a gpgsig SSH signature for normal commits, merge commits, amend, and conflict-resolution commits.

To limit changes scope, the change intentionally supports only SSH signing. Non-SSH signing formats, including OpenPGP and X.509, continue to produce unsigned GitUp commits rather than blocking existing workflows. History replay/reorder paths also remain unsigned; signing those GitUp-created rewrite commits can be considered separately from signing commits users make directly.

What changed

• Adds a private GCCommitSigning.m helper that creates the unsigned commit buffer, signs it with SSH, and writes the signed object through libgit2.
• Resolves SSH signing config from user.signingkey, inline SSH public keys, and gpg.ssh.defaultKeyCommand.
• Uses gpg.ssh.program or ssh-keygen, launched with GitUp login-shell PATH handling so GUI-launched GitUp can find shell-installed signers.
• Routes user-facing HEAD commit creation through the signing-aware helper while leaving replay/rewrite helpers unchanged.
• Adds focused signing tests plus HEAD integration coverage for signed normal, merge, and amended commits.

Tests

• Focused GitUpKit signing and HEAD integration tests pass.
• Test coverage includes unsigned behavior when signing is disabled, unsigned behavior for unsupported non-SSH formats, missing key errors, inline key and default key command resolution, key path signing, signer failure, and Git CLI verify-commit verification with an allowed signers file.

Notes

• I AGREE TO THE GITUP CONTRIBUTOR LICENSE AGREEMENT
• I am not an Obj-C developer at all so if anything's not up to the project standards, please let me know
• I'm not clear on the wishes of the contribution guidelines around commits, as I normally just have GitHub squash PR commits on merge. Please let me know if you'd like them pre-flattened or whatever.
• Fixes (partially? because we're not signing all commits yet, might follow up with another PR) Support SSH signing #1036.
• Note how all the commits in this PR show up as "Verified" on GitHub 😉 Some repos actually require that, hence my doing this.