We should require a `Signed-off-by` in all the commits that come from the community

This was brought to my attention in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17077#note_58838120.

The DCO that we're using (https://gitlab.com/gitlab-org/dco/blob/master/README.md) only takes effect when contributors include a Signed-off-by header in their commits (Chef has good documentation on that: https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco).

I think we should add a checkbox in our MR template similar to what Chef does:

- [ ]  All commits have been signed-off for the Developer Certificate of Origin. See https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco

Obviously we should change https://github.com/chef/chef/blob/master/CONTRIBUTING.md#developer-certification-of-origin-dco to a doc of our own.

@jhurewitz The other question is, from a legal matter, what happens when contributors don't include a Signed-off-by header in their commits?

/cc @dzaporozhets @DouweM @smcgivern @ayufan @nick.thomas @grzesiek