Docs: Add example of GPG verification
Overview
The original proposal asks for a way for GitLab Runner to validate the signature on the commit it is building and to make sure the signer is on a "verified" list. This can already be done with pre_build_script, and because the details depend on the user's environment and configuration (keyring, trusted keys, policy), it is not part of the GitLab Runner product itself. We should add documentation that shows users an example of how to do it.
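As an added illustration (not from GitLab Runner or this issue), a POSIX sh pre_build_script that fails the job unless the HEAD commit carries a good signature from a key on an allow-list of primary-key fingerprints. TRUSTED_FINGERPRINTS is an assumed variable name, the trusted public keys are assumed to be imported into the runner's keyring, and the sample gpg status lines at the end are constructed for a dry run.

```shell
#!/bin/sh
# Added example for a GitLab Runner pre_build_script: fail the job unless HEAD carries
# a good GPG signature from an explicitly trusted primary key. Assumes the trusted
# public keys are imported into the runner's keyring and TRUSTED_FINGERPRINTS holds
# their full 40-hex primary fingerprints, space-separated (an assumed variable name).

# Evaluate gpg status-fd lines (the format `git verify-commit --raw` prints) against
# an allow-list. Returns 0 only for GOODSIG + VALIDSIG from a listed primary key.
verify_commit_status() {
  status="$1"   # gpg status lines
  trusted="$2"  # space-separated allow-list of primary-key fingerprints

  # GOODSIG is required: BADSIG, ERRSIG, NO_PUBKEY, EXPKEYSIG and REVKEYSIG all
  # lack it, so expired or revoked signers fail closed even if VALIDSIG is present.
  printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG ' || return 1

  # VALIDSIG's last field is the primary-key fingerprint; matching on it lets the
  # signer rotate subkeys without the allow-list changing. If gpg omitted that
  # field, $NF is the two-digit sig class, which never matches a fingerprint.
  primary=$(printf '%s\n' "$status" | awk '/^\[GNUPG:\] VALIDSIG /{print $NF; exit}')
  [ -n "$primary" ] || return 1
  for fpr in $trusted; do
    [ "$fpr" = "$primary" ] && return 0
  done
  return 1
}

# The call used in the job: --raw status lines go to stderr, so capture both streams.
# A non-zero exit here makes the pre_build_script, and therefore the job, fail.
verify_head_commit() {
  status=$(git verify-commit --raw HEAD 2>&1) || true
  verify_commit_status "$status" "$TRUSTED_FINGERPRINTS"
}

# Constructed sample status output (not captured from a real key) for a dry run.
SAMPLE_TRUSTED='1111111111111111111111111111111111111111'
SAMPLE_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2222222222222222 Alice Example <alice@example.com>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2024-01-01 1704067200 0 4 0 22 8 01 1111111111111111111111111111111111111111
[GNUPG:] TRUST_UNDEFINED 0 pgp'
SAMPLE_EXPIRED='[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 2222222222222222 Alice Example <alice@example.com>
[GNUPG:] VALIDSIG 2222222222222222222222222222222222222222 2024-01-01 1704067200 0 4 0 22 8 01 1111111111111111111111111111111111111111'
SAMPLE_BAD='[GNUPG:] NEWSIG
[GNUPG:] BADSIG 2222222222222222 Alice Example <alice@example.com>'
```

The status check is kept separate from the git call so the allow-list logic can be exercised without a keyring, and so an unsigned commit, an unknown key, or an expired or revoked signer all fail closed.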
Original Proposal
It would be nice if the runner could verify the gpg signature of the commit or tag it is running on, so only cryptographically approved commits can be deployed.
To make addition and removal of allowed gpg keys easier, the runner could check if the key of the signer is signed by some master/ca/supervisor key.