
[Feature request] Request the last git commit to be signed

Open hoh opened this issue 10 months ago • 2 comments

Since comin can update its own configuration from a git repository, trust in the repository seems absolute and a compromise of the forge could lead to a compromise of the machine.

Requiring the last git commit to be signed with a GPG key would add extra security, requiring an adversary not only to compromise the forge and/or the repository, but to obtain the private key of one of the approved committers as well.

This would also allow unauthorized committers to publish to the repository while only commits signed with a preauthorized key would trigger an update of the system.

Requiring updates to be upstream of the current configuration would help avoid unauthorized rollbacks, preventing replay attacks.

hoh avatar Apr 11 '24 15:04 hoh
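A sketch of the two checks hoh asks for, added here as an example and not comin's own code: the signature is pinned to an allowlist of key fingerprints rather than to "gpg says GOODSIG", and the candidate commit must descend from the deployed one. The allowlist values, the status-line samples and the `subprocess` calls to `git` are assumptions.

```python
import subprocess

# Constructed allowlist of primary key fingerprints (placeholder values).
ALLOWED_FINGERPRINTS = {"0123456789ABCDEF0123456789ABCDEF01234567"}

# Any of these status tags means the signature must not be trusted.
REJECT_TAGS = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def signature_ok(gpg_status: str, allowed: set) -> bool:
    """Evaluate the [GNUPG:] status lines that `git verify-commit --raw` emits.

    GOODSIG alone is not enough: gpg reports it for any key in the local
    keyring.  VALIDSIG carries the signing (sub)key fingerprint as its first
    field and the primary key fingerprint as its last; the primary is what
    gets pinned against the allowlist.
    """
    good = pinned = False
    for line in gpg_status.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        tag = fields[1]
        if tag in REJECT_TAGS:
            return False
        if tag == "GOODSIG":
            good = True
        elif tag == "VALIDSIG" and len(fields) >= 3:
            pinned = fields[-1].upper() in allowed
    return good and pinned


def is_descendant(repo: str, current: str, new: str) -> bool:
    """True if `current` is an ancestor of `new`, so applying `new` is not a rollback."""
    result = subprocess.run(
        ["git", "-C", repo, "merge-base", "--is-ancestor", current, new],
        capture_output=True,
    )
    return result.returncode == 0


def update_allowed(repo: str, current: str, new: str, allowed=ALLOWED_FINGERPRINTS) -> bool:
    """Full policy: `new` is signed by an approved key and descends from `current`."""
    result = subprocess.run(
        ["git", "-C", repo, "verify-commit", "--raw", new],
        capture_output=True, text=True,
    )
    # git forwards the gpg status lines on stderr; stdout is included to be safe.
    return signature_ok(result.stderr + result.stdout, allowed) and is_descendant(repo, current, new)
```

The fingerprint pin matters because a forge that also hosts the deployer's keyring, or a stray key imported on the host, would otherwise turn any signed commit into an accepted one.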