build: add auths checks

Author: bordumb

.auths/allowed_signers

@@ -0,0 +1,5 @@
+# auths:managed — do not edit manually
+# Current identity (E6IXlw5-lnX88r3WZCt3u1qyN_Xlq7nQjtoTmuOfMIjI)
+z6MktnihicwetvA16FtHFynaJTn9eDZw51eizUEA1yGJCR4o@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINT/yz5N7+GkzsRTHiyaueZbDy+fovwYUXyJ9uwD67tk
+# Previous identity
+z6MkipUqayiDZWM8j4YktjiEFZcCGw51YDVvLM7SrYPqLLyZ@auths.local namespaces="git" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDeaOmUEcUjzChUedAsPyDO4mnjIa8j92fD9rGpuZd0

.github/workflows/verify-commits.yml

@@ -0,0 +1,24 @@
+name: Verify Commits
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: auths-dev/auths-verify-github-action@v1
+        with:
+          allowed-signers: .auths/allowed_signers
+          fail-on-unsigned: true
+          post-pr-comment: 'true'
+          github-token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -1,6 +1,7 @@
 # capsec
 
 [![CI](https://github.com/auths-dev/capsec/actions/workflows/ci.yml/badge.svg)](https://github.com/auths-dev/capsec/actions/workflows/ci.yml)
+[![Verify Commits](https://github.com/auths-dev/capsec/actions/workflows/verify-commits.yml/badge.svg)](https://github.com/auths-dev/capsec/actions/workflows/verify-commits.yml?query=branch%3Amain+event%3Apush)
 [![crates.io](https://img.shields.io/crates/v/capsec.svg)](https://crates.io/crates/capsec)
 [![docs.rs](https://docs.rs/capsec/badge.svg)](https://docs.rs/capsec)