Improve contribution guidelines for signing commits

Our PR commit signing check runs GitHub's [signing verification](https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification). We need to clarify that in the contribution guideline.

See this related comment: https://github.com/oracle/macaron/pull/612#issuecomment-1907152464