Ideas
=====

* update action with trusted keys support using custom gpg keydir
  and signature checking using "$GIT verify-commit --raw".