Add SSH commit signing for HEAD commits

[kausters]

Summary

This PR adds SSH commit signing support for GitUpKit user-facing HEAD commit flows. Repositories configured like the Git CLI with commit.gpgsign=true and gpg.format=ssh now create commits with a gpgsig SSH signature for normal commits, merge commits, amend, and conflict-resolution commits.

The change intentionally supports SSH signing for now. Non-SSH signing formats, including OpenPGP and X.509, continue to produce unsigned GitUp commits rather than blocking existing workflows. History replay/reorder paths also remain unsigned; signing those GitUp-created rewrite commits can be considered separately from signing commits users make directly.

What changed

• Adds a private GCCommitSigning.m helper that creates the unsigned commit buffer, signs it with SSH, and writes the signed object through libgit2.
• Resolves SSH signing config from user.signingkey, inline SSH public keys, and gpg.ssh.defaultKeyCommand.
• Uses gpg.ssh.program or ssh-keygen, launched with GitUp login-shell PATH handling so GUI-launched GitUp can find shell-installed signers.
• Routes user-facing HEAD commit creation through the signing-aware helper while leaving replay/rewrite helpers unchanged.
• Adds focused signing tests plus HEAD integration coverage for signed normal, merge, and amended commits.

Tests

• Focused GitUpKit signing and HEAD integration tests pass.
• Test coverage includes unsigned behavior when signing is disabled, unsigned behavior for unsupported non-SSH formats, missing key errors, inline key and default key command resolution, key path signing, signer failure, and Git CLI verify-commit verification with an allowed signers file.

Notes

I AGREE TO THE GITUP CONTRIBUTOR LICENSE AGREEMENT

[kausters]

Moved to #2