Closes #46. Adds a fourth mode to `git_tag` so callers can confirm a
signed tag from inside the MCP without dropping to a raw `git tag -v`
shell call — the exact gap hit during the v2.13.0 wrap-up itself.

`git tag -v <tagName>` runs at the service layer with
`allowNonZeroExit`; stderr is parsed into a structured result that
distinguishes five real outcomes instead of collapsing them into a
thrown error:

- valid signature → `verified: true` with `signatureType`
  (`gpg`/`ssh`/`x509`), `signerIdentity`, and `signerKey` when git
  surfaces it
- unsigned tag → `verified: false`, `warning` names the missing sig
- missing local trust config (e.g. `gpg.ssh.allowedSignersFile`) →
  `verified: false`, `warning` flags the environment gap so callers
  don't conflate it with a real failure
- bad signature → `verified: false`, `warning` names the failure and
  preserves the claimed signer identity
- tag not found → throws `McpError(InvalidRequest)`

Unparseable-but-exit-0 output is still trusted as verified so future
git output variants don't silently regress to `verified: false`. Raw
stderr is returned as `rawOutput` for callers that want the full
output; the standard-verbosity formatter strips it while keeping
`verified` and `warning` visible at every verbosity level.

Extends the service-layer `execGit` signature with an optional
`{ allowNonZeroExit?: boolean }` and an optional `exitCode` return,
mirroring the pattern already used by `executeMerge` and
`executeCherryPick`.