Beyond Identity: Handle pre-existing GPG keys
Overview
If a customer has pre-existing GPG keys, i.e. keys that were added before the BeyondIdentity integration was activated, those keys are marked as `externally_verified: false` according to this logic:
```ruby
def validate_beyond_identity!
  integration = Integrations::BeyondIdentity.for_instance.first
  # Keys added while no integration is active skip the check entirely
  # and keep the column default (externally_verified: false).
  return unless integration&.activated?

  integration.execute({ key_id: key.primary_keyid, committer_email: key.user.email })
  key.externally_verified = true
rescue ::Gitlab::BeyondIdentity::Client::ApiError => e
  key.errors.add(:base, "BeyondIdentity: #{e.message}") unless e.acceptable_error?
  key.externally_verified = false
end
```
The default value for the `externally_verified` column is `false`.
At the moment, commits signed by keys that are not externally verified are rejected (link). This was done for performance reasons: we don't need to verify a key again if it has already been rejected. However, this logic doesn't handle the case where the key is pre-existing: such a key was never checked, yet it is rejected as if it had been.
Proposal
Simplest solution: remove the line that rejects commits signed by keys that are not externally verified. We'll still perform the check only once a day.
Edge case: if the pre-existing key was added recently (less than 1 day ago), we'll still have this problem. Otherwise, we may need a separate column to indicate verification.
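A constructed Ruby model of the current and proposed behaviour, added here to illustrate the issue; it is not GitLab code. `Key`, `FakeBeyondIdentity` and a daily throttle keyed on a `last_checked_at` timestamp are assumptions.

```ruby
require 'time'

# Constructed model of the behaviour discussed in this issue; not GitLab code.
Key = Struct.new(:keyid, :externally_verified, :last_checked_at, keyword_init: true)

# Stand-in for the Beyond Identity client: accepts a fixed set of key ids and
# counts calls so the once-a-day throttle can be checked.
class FakeBeyondIdentity
  attr_reader :calls

  def initialize(accepted_keyids)
    @accepted = accepted_keyids
    @calls = 0
  end

  def verify(keyid)
    @calls += 1
    @accepted.include?(keyid)
  end
end

ONE_DAY = 24 * 60 * 60

# A key added before the integration was activated never ran through the
# integration, so it keeps the column default of externally_verified: false.
def pre_existing_key(keyid)
  Key.new(keyid: keyid, externally_verified: false, last_checked_at: nil)
end

# Current behaviour: keys with externally_verified == false are rejected before
# any check, so a pre-existing key can never become verified.
def commit_allowed_current?(key, _integration, _now)
  key.externally_verified
end

# Proposed behaviour: drop the early rejection and ask the integration at most
# once a day (assumed to be gated on last_checked_at), storing its answer back.
def commit_allowed_proposed?(key, integration, now)
  due = key.last_checked_at.nil? || now - key.last_checked_at >= ONE_DAY
  if due
    key.externally_verified = integration.verify(key.keyid)
    key.last_checked_at = now
  end
  key.externally_verified
end
```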