docs: add commit signing requirement to CONTRIBUTING.md

[watson]

What does this PR do?

This PR adds a new "Sign your commits" section to the CONTRIBUTING.md file that requires all commits in pull requests to be signed with GPG keys. The section provides comprehensive documentation including:

• Step-by-step setup instructions with links to GitHub documentation
• Commands for configuring automatic commit signing
• Instructions for retroactively signing existing unsigned commits using interactive rebase

Motivation

Commit signing ensures the authenticity and integrity of contributions to the project by cryptographically verifying that commits actually come from the claimed author. This is a security best practice that helps prevent commit spoofing and maintains a verifiable chain of custody for code changes. By documenting this requirement clearly in the contributing guidelines, we make it easier for contributors to comply and understand why this practice is important.

[watson]

• docs: add commit signing requirement to CONTRIBUTING.md #7108 👈 (View in Graphite)
• master

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Overall package size

Self size: 3.59 MB
Deduped: 4.47 MB
No deduping: 4.47 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 1.15.0 | 127.66 kB | 856.24 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.77%. Comparing base (a8ed0d8) to head (51615e2).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #7108      +/-   ##
==========================================
- Coverage   84.78%   84.77%   -0.01%     
==========================================
  Files         521      521              
  Lines       22149    22149              
==========================================
- Hits        18778    18776       -2     
- Misses       3371     3373       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[datadog-datadog-prod-us1]

⚠️ Tests

✨ Fix all issues with Cursor

⚠️ Warnings

❄️ 1 New flaky test detected

tests.debugger.test_debugger_expression_language.Test_Debugger_Expression_Language.test_expression_language_comparison_operators[express5] from system_tests_suite (Datadog) (Fix with Cursor)

AssertionError: The following probes were not found:
  log3a090-a757-452c-806f-cd9d82028a87
  log679a3-5562-4636-a35d-63ff387b81dc
  logdaae5-c3f1-4722-b378-87e75b431a14
  log3a273-6ce3-4dc9-8a33-ba86a21bfd71
  logc2176-26e9-42ad-9cf1-75c377c06b60
  logeffa7-2568-4a13-b789-3b30c84fa554
  log2b0f1-37b5-4fd8-b9fe-42c292fda73e
  log50198-e517-4ed1-bb3e-c380791ef144
  logbfff1-f13a-42dd-b20b-fa73a9726200
...

ℹ️ Info

🧪 All tests passed

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 51615e2 | Docs | Datadog PR Page | Was this helpful? Give us feedback!}

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-12-16 11:08:34

Comparing candidate commit 51615e2 in PR branch watson/contrib-sign-commits with baseline commit a8ed0d8 in branch master.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 292 metrics, 27 unstable metrics.

scenario:shimmer-runtime-declared-wrap-24

• 🟩 execution_time [-4.413ms; -1.841ms] or [-12.388%; -5.167%]