Render verification status for gpg signed tags

What does this MR do and why?

• This adds a new class Gpg::Signature based on existing code from https://gitlab.com/gitlab-org/gitlab/-/blob/19260-use-signature-for-render/lib/gitlab/gpg/commit.rb

• The new class is used from views:

  • https://gitlab.com/gitlab-org/gitlab/-/blob/19260-use-signature-for-render/app/views/projects/commit/_signature.html.haml#L3
  • https://gitlab.com/gitlab-org/gitlab/-/blob/19260-use-signature-for-render/app/views/projects/commit/_signature_badge.html.haml#L31

• There's a follow-up MR to use the new Gpg::Signature class in place of the code it was extracted from: Refactor Gpg::Commit to delegate signature methods (!200870 - merged)

Screenshots or screen recordings

Before	After

How to set up and validate locally

1. Create a gpg key (https://docs.gitlab.com/user/project/repository/signed_commits/gpg/#create-a-gpg-key)
2. Create a project
3. Create signed tags and push them to the project as the user with the gpg key (For example: GIT_COMMITTER_NAME="Test User" GIT_COMMITTER_EMAIL="email@example.com" git tag -s test -m "Testing")
4. Enable the render_gpg_signed_tags_verification_status feature flag (The existing behaviour is to render the unverified status badge)
5. Check on the tags view and see that associated signature is verified

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #19260