GPG signature must match the committer in order to be verified

See merge request !13771

Creates an icon only for the discussions and puts back the old SVG for CI status

Closes #37406

See merge request !14042

Add branch existence check to the APIv4 branches via HEAD request

Closes #37159

See merge request !13979

Fix diff comment button not showing after deleting a comment

Closes #37142

See merge request !13997

the position of the popover is correctly calculated and positioned to
the bottom when the navigation would overlap the popover.

as we destroy all gpg_signatures we don't need to downcase the email
addresses anymore.

since all the signature badge templates now have more or less the same
content we can push most of it down to the main template `_signature_badge`.

This is faster for the deployment process, as the destroyed signatures
will be re-generated on demand again, instead of updating them all on
deploy.

To avoid having to implement legacy code handling for the obsolete
`verified_signature` attribute and to avoid any race conditions during
the zero-downtime-deployment we do the following:

1. Destroy all records
2. Migration: Use add_column_with_default to add the new attribute and
   update the verification_status values on records created between 1.
   and 2.
3. Deploy the new code
4. Post migration: Destroy all records

Like this we make sure that at no point there is a record with a `nil`
value for the new `verification_status` attribute.

this is used to make a difference between a committer email that belongs
to user, where the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.

this is necessary for email comparisons

the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.

we need the commit object for the updated verification that also checks
the committer's email to match the gpg key and user's emails.