Only check at least one email gpg key

[sapk]

Fix #2213 & #2187 by relaxing the control on import by allowing any key with one key at least matching one email of the user.

Commit validation should stilll be good because I use GetUserByEmail to get the user from commiter email and this method need that the email is activated. And add an extra checkup and optimization by checking before checking sign if the emails attached to the key can validate this particular email of commiter.

Still to do :

• ~~~Add integration tests for validation of commit to check corner case.~~~

Extra :

Command line to test this : go test -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite' && GITEA_ROOT="$GOPATH/src/code.gitea.io/gitea" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.v -test.run GPG

[sapk]

[jqs7]

the integration tests of pgsql failed because pgsql insert record start with ID 10001:

create pgp key: {"id":10001,"primary_key_id":"","key_id":"38EA3BCED732982C","public_key":"xsBNBFmGVsMBCACuxgZ7W7rI9xN08Y4M7B8yx/6/I4Slm94+wXf8YNRvAyqj30dWVJhyBcnfNRDLKSQp5o/hhfDkCgdqBjLa1PnH
lGS3PXJc0hP/FyYPD2BFvNMPpCYSeu3T1qKSNXm6X0XOWD2LIrdiDC8HaI9FqZVMI/srMK2CF8XCL2m67W1FuoPlWzod5ORy0IZB7spoF0xihmcgnEGElRmdo5w/vkGH8U7Zyn9Eb57UVFeafgeskf4wqB23BjbMdW2YaB+yzMRwYgOnD5lnBD4uqSmvja
V9C0kxn7x+oJkkiRV8/z1cNcO+BaeQAkh/yTTeTzYGSc/ZOqCX1O+NOPgSeixVlqenABEBAAE=","emails":[{"email":"user2@example.com","verified":true}],"subkeys":[{"id":10002,"primary_key_id":"38EA3BCED732982$
","key_id":"70D7C694D17D03AD","public_key":"zsBNBFmGVsMBCADAGba2L6NCOE1i3WIP6CPzbdOoN3gdTfTgccAx9fNeon9jor+3tgEjlo9/6cXiRoksOV6W4wFab/ZwWgwN6JO4CGvZWi7EQwMMMp1E36YTojKQJrcA9UvMnTHulqQQ88F5E8
45DhzFQM3erv42QZZMBAX3kXCgy1GNFocl6tLUvJdEqs+VcJGGANMpmzE4WLa8KhSYnxipwuQ62JBy9R+cHyKTOARk8znRqSu5bT3LtlrZ/HXu+6Oy4+2uCdNzZIh5J5tPS7CPA6ptl88iGVBte/CJ7cjgJWSQqeYp2Y5QvsWAivkQ4Ww9plHbbwV0A2ea
HsjjWzlUl3HoJ/snMOhBABEBAAE=","emails":null,"subkeys":null,"can_sign":true,"can_encrypt_comms":true,"can_encrypt_storage":true,"can_certify":true,"created_at":"2017-08-06T07:37:39+08:00","ex
pires_at":"2019-08-06T07:37:39+08:00"}],"can_sign":true,"can_encrypt_comms":true,"can_encrypt_storage":true,"can_certify":true,"created_at":"2017-08-06T07:37:39+08:00","expires_at":"2019-08-
06T07:37:39+08:00"}

[sapk]

Rebase and I use the ID returned in the list of key to try to get one specific key. So the test are not failing anymore on pgsql that have index not starting at 1.
Thanks @jqs7 for the insigth.

[strk]

Trusted LGTM, but I don't like those .git objects in the repository (any way to create those repositories from input files, with a script ?)

[lafriks]

LGTM

[lunny]

@strk any better idea than put the .git directory on the repo?

[lafriks]

@strk Btw just saw that you allow adding gpg key even if no emails is validated/active. Why so why not force at least one activated email?

[lunny]

@sapk and seems this PR caused all other PRs' tests failed since wrong protected branch settings. I have corrected wrong protected branch, but maybe you can send a PR to fix the tests.

[sapk]

@lunny I will have a look at it.

@strk I could generate the repo. This will need some extra work because we need to have key for signing maybe done in another PR.

[sapk]

Should I backport these to 1.2.0 ? (with #2467)