add gitsign as an additional verifier for Git commit signatures

[developer-guy]

Gitsign is one of the newest projects developed by Sigstore aiming for signing Git commits through the backbones of Sigstore tooling Rekor and Fulcio to enable a keyless approach. As of now today Flux uses PGP keys to verify Git commit signatures, we (w/@dentrax) thought that adding Gitsign as an additional verifier to Flux would be great to have a feature for the people who uses Gitsign to sign commits.

PTAL @dlorenc wlynch