Ignore revoked or invalid GPG uids on key import

What does this MR do?

This MR updates Gitlab::Gpg::user_infos_from_key to ignore uids that have been revoked. This is desired because otherwise it leaves stale email addresses up for validation in the GPG Key settings within GitLab.

Existing keys are not touched. To remove stale emails/uids, a user needs to delete the key from GitLab and reimport it.

Thanks to @brtz and @bellkadse from the wider community for their help on this.

Screenshots


For comparison the gpg output:

Full edit; this will also show revoked keys. This is what GitLab.com shows right now.

gpg --edit-key 3AFF3AB493B3420D9E5D39529A6A0E3A064C6C3D
gpg (GnuPG) 2.2.17; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa4096/9A6A0E3A064C6C3D
     created: 2016-02-06  expires: never       usage: SC  
     trust: ultimate      validity: ultimate
The following key was revoked on 2016-05-02 by RSA key 9A6A0E3A064C6C3D Hendrik 'T4cC0re' Meyer <mail@t4cc0.re>
ssb  rsa4096/DB776656D580D180
     created: 2016-02-06  revoked: 2016-05-02  usage: E   
sub  rsa4096/7CF04626E755E1D9
     created: 2016-05-02  expires: never       usage: E   
[ultimate] (1). Hendrik 'T4cC0re' Meyer <mail@t4cc0.re>
[ revoked] (2)  Hendrik 'T4cC0re' Meyer <mail@xendo.net>
[ultimate] (3)  Hendrik 'T4cC0re' Meyer <t4cc0re@gmail.com>
[ revoked] (4)  Hendrik 'Xendo' Meyer <mail@xendo.net>
[ revoked] (5)  Hendrik 'Xendo' Meyer <t4cc0re@gmail.com>
[ revoked] (6)  Hendrik Jonas Meyer (Bigpoint GmbH) <h.meyer@bigpoint.net>
[ultimate] (7)  Hendrik 'T4cC0re' Meyer (GitLab Inc.) <t4cc0re@gitlab.com>
[ultimate] (8)  Hendrik 'T4cC0re' Meyer <code@t4cc0.re>

gpg -k only shows uids that are considered valid. This is what the patched version shows.

gpg -k 3AFF3AB493B3420D9E5D39529A6A0E3A064C6C3D
pub   rsa4096 2016-02-06 [SC]
      3AFF3AB493B3420D9E5D39529A6A0E3A064C6C3D
uid           [ultimate] Hendrik 'T4cC0re' Meyer <mail@t4cc0.re>
uid           [ultimate] Hendrik 'T4cC0re' Meyer <t4cc0re@gmail.com>
uid           [ultimate] Hendrik 'T4cC0re' Meyer (GitLab Inc.) <t4cc0re@gitlab.com>
uid           [ultimate] Hendrik 'T4cC0re' Meyer <code@t4cc0.re>
sub   rsa4096 2016-05-02 [E]
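The filtering rule the MR describes, as an added example that is not GitLab's own code: read the machine-readable `gpg --with-colons --list-keys` listing and keep only uids whose validity field does not mark them revoked, expired or invalid, so the result matches what `gpg -k` shows above. The sample listing is constructed to mirror the key shown on this page; the `HASH1`..`HASH8` values are placeholders for the uid hash field.

```ruby
# Added example (not GitLab's code): mimic what `gpg -k` shows by reading the
# `gpg --with-colons --list-keys` output and keeping only user IDs whose
# validity field does not mark them revoked/expired/invalid.
# Field layout (GnuPG doc/DETAILS): field 1 = record type, 2 = validity, 10 = user ID.

# Validity codes (field 2) that disqualify a uid from email validation:
# r = revoked, e = expired, i = invalid (e.g. no valid self-signature).
INVALID_UID_VALIDITY = %w[r e i].freeze

UID_REGEX = /\A(?<name>.*?)\s*<(?<email>[^>\s]+)>\z/

# Constructed sample mirroring the key shown above: uids 2, 4, 5 and 6 are
# revoked ('r'); HASH1..HASH8 are placeholders for the uid hash field.
SAMPLE_COLON_OUTPUT = <<~'GPG'
  pub:u:4096:1:9A6A0E3A064C6C3D:1454716800:::u:::scESC::::::23::0:
  fpr:::::::::3AFF3AB493B3420D9E5D39529A6A0E3A064C6C3D:
  uid:u::::1454716800::HASH1::Hendrik 'T4cC0re' Meyer <mail@t4cc0.re>::::::::::0:
  uid:r::::1454716800::HASH2::Hendrik 'T4cC0re' Meyer <mail@xendo.net>::::::::::0:
  uid:u::::1454716800::HASH3::Hendrik 'T4cC0re' Meyer <t4cc0re@gmail.com>::::::::::0:
  uid:r::::1454716800::HASH4::Hendrik 'Xendo' Meyer <mail@xendo.net>::::::::::0:
  uid:r::::1454716800::HASH5::Hendrik 'Xendo' Meyer <t4cc0re@gmail.com>::::::::::0:
  uid:r::::1454716800::HASH6::Hendrik Jonas Meyer (Bigpoint GmbH) <h.meyer@bigpoint.net>::::::::::0:
  uid:u::::1454716800::HASH7::Hendrik 'T4cC0re' Meyer (GitLab Inc.) <t4cc0re@gitlab.com>::::::::::0:
  uid:u::::1454716800::HASH8::Hendrik 'T4cC0re' Meyer <code@t4cc0.re>::::::::::0:
  sub:r:4096:1:DB776656D580D180:1454716800::::::e::::::23:
  sub:u:4096:1:7CF04626E755E1D9:1462147200::::::e::::::23:
GPG

# Returns [{ name:, email: }] for every uid that gpg still considers valid.
def valid_user_infos(colon_output)
  colon_output.each_line.each_with_object([]) do |line, infos|
    fields = line.chomp.split(':', -1)
    next unless fields[0] == 'uid'
    next if INVALID_UID_VALIDITY.include?(fields[1])

    # GnuPG escapes ':' inside field 10 as "\x3a"; undo it before parsing.
    uid = fields[9].to_s.gsub('\\x3a', ':')
    next unless (m = UID_REGEX.match(uid))

    infos << { name: m[:name], email: m[:email] }
  end
end

if __FILE__ == $PROGRAM_NAME
  valid_user_infos(SAMPLE_COLON_OUTPUT).each { |i| puts "#{i[:name]} <#{i[:email]}>" }
end
```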

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
