feat: Add GitHub Actions workflow permissions and signed commits

[haya14busa]

Summary

• Added required permissions for the depup workflow (id-token, pull-requests, contents)
• Integrated Chainguard's setup-gitsign action to enable keyless Git commit signing for automated PRs

Test plan

• Verify the depup workflow runs correctly with the new permissions
• Check that commits from the workflow are properly signed with Gitsign

🤖 Generated with Claude Code