Enable Signed Commits for Datagov-bot

[btylerburton]

User Story

In order to allow for the commits made by the datagov-bot to be verified, datagovteam wants to sign its commits.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• GIVEN the datagov-bot wants to add commits to the project
  THEN I want to make sure those commmits are signed so as to pass the repository's new security rules that enforce commit signing

Background

Here's a few threads on enabling signed commits by github bots:

• Support Signed Commits by [email protected] actions/runner#667
• https://github.blog/engineering/platform-security/commit-signing-support-for-bots-and-other-github-apps/

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

• enable signed commits on datagov-bot, or create a new bot that has signed commits and swap that in for the original datagov-bot
• enable this new/updated bot in all datagov repos

[btylerburton]

LLM does a good job summarizing the steps. Not sure if it's hallucinating the details though:

[btylerburton]

added a signing key.
can confirm it works once datagov-bot adds some new commits.