Check signed Web commits authorship on push

What does this MR do and why?

Check signed Web commits authorship on push

A signed commit with a customized author is invalid, so let's introduce a check that catches this misbehavior.

We allow setting an author for commits via Commits API. We may introduce sign option to mitigate it in the future.

Related issue: Signed commits created via REST API should not ... (#456481 - closed)