Clarify call to action of unverified GPG Keys

Problem to solve

When viewing personal GPG Keys in User Settings > GPG Keys it is not obvious why a key is unverified or how it can be resolved.

Screenshot

Proposal

Add a popover to the badge, and clarify the meaning of unverified and (stretch goal) what to do next.

See Figma

Scenarios

A GPG key is listed as verified if the email address associated with the GPG key is a verified email on the account. So if a user has confirmed their email and then used a GPG key with the same email address it will list as verified.

References

Similar issue for GitHub users
Unverified commits in GitLab when using gpg with subkeys

Edited Feb 23, 2021 by Austin Regnery