v2.320.0 release commit was unsigned/unverified

**Describe the bug**

The git commit releasing `v2.320.0` was not signed and is unverified on GitHub. This prevents `git verify-commit` from validating the release integrity of the branch. 

Previously, @nebuk89 [committed to adding repo rules to enforce this in the future](https://github.com/actions/runner/issues/3409#issuecomment-2318562542) in August. It appears those security rules have not been updated. As of this writing, the last signed release was `v2.317.0` in May 2024.  


**To Reproduce**
Navigate to https://github.com/actions/runner/releases, find all recent releases are unsigned.
![image](https://github.com/user-attachments/assets/58008001-5871-4e8a-b836-989e8877a435)


**Expected behavior**
The release commit has signature verification.
![image](https://github.com/user-attachments/assets/d5d191ac-b8d5-4e8a-ac5a-920080a9e53d)


## Runner Version and Platform
Version of your runner? 2.320.0


## What's not working?
`git verify-commit v2.320.0` fails due to unsigned/unverified commit.


## Job Log Output
N/A


## Runner and Worker's Diagnostic Logs
N/A


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

v2.320.0 release commit was unsigned/unverified #3509

Runner Version and Platform

What's not working?

Job Log Output

Runner and Worker's Diagnostic Logs

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

v2.320.0 release commit was unsigned/unverified #3509

Description

Runner Version and Platform

What's not working?

Job Log Output

Runner and Worker's Diagnostic Logs

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions