Add :same_user_different_email status for SSH signatures

Vasilii Iakliushinrequested to merge
584946-add-same-user-different-email-status-for-ssh into master

What does this MR do and why?

Contributes to #584946

Problem

SSH signature verification returns generic :unverified status when the committer email doesn't match a verified email, even if the email belongs to the key owner. This makes it unclear to users whether they need to verify their email or if there's a different issue.

Solution

Implement :same_user_different_email status for SSH signatures, matching existing GPG behavior. When a commit is signed with a valid SSH key but the committer email is unverified, users now see specific feedback indicating they need to verify their email address.

Update UI messages from "GPG key mismatch" to "Signature key mismatch" to support both signature types.

References

Provide granular feedback for SSH signature ver... (#584946)

Screenshots or screen recordings

Before After
Screenshot_2026-01-06_at_11.13.44 Screenshot_2026-01-06_at_11.13.25

How to set up and validate locally

It's not easy to reproduce it on GDK.

You need a repository with SSH signatures that signed by a GDK user without confirmed email.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #584946

Edited by Vasilii Iakliushin

Merge request reports