Ensure we only allow to dpeloy commits that were signed with keys we
mark as trusted signing keys for the security tracker.