X.509 signature badge is not displayed if the certificate isn't in the DB

Summary

When a commit is signed with an X.509 certificate, we don't return any verification status unless the X.509 certificate is already in the database.

Instead, we should show an unverified status and explain that we don't recognize the X.509 certificate.

Steps to reproduce

  1. Create a copy of https://gitlab.com/brendan/website inside your GDK.

  2. Run these commands in the Rails console:

    Feature.disable(:rugged_find_commit) # Rugged doesn't know how to handle X.509
    project = Project.find(id_of_your_copy_project) # ID of the copy created in step 1
    raw = Gitlab::Git::Commit.find(project.repository.raw_repository, '6da2d393ba0df8e4cdf6ccb362bdba4aacc840a1')
    commit = Commit.new(raw, project)

  3. This results in unexpected behavior: the commit has a signature, but commit.signature returns nil:

    [11] pry(main)> commit.has_signature?
    => true
    [12] pry(main)> commit.signature
    => nil

What is the current bug behavior?

When the X.509 certificate is not known, we don't show any indication that the commit is signed.

What is the expected correct behavior?

If the commit has a signature but we can't perform the verification steps, we should show an Unverified badge.

Relevant logs and/or screenshots

(screenshot attached to the original issue)

Possible fixes

  1. Make the x509_certificate association on X.509 signatures optional
  2. If we can't find the certificate that the commit was signed with, we should still persist an X509CommitSignature record, but with an unverified status
Edited by Brian Williams