Show if commit is signed in activity feed and unify sha box (#6933)

Old activities are shown like before, new commits are displayed like commits in e.g. the commits list. _(Second commit)_

| New signed commits | Old (signed) commits |
|:--:|:--:|
| ![image](/attachments/cd81c761-eda6-44bf-8c43-ac3b7e6f16eb) | ![image](/attachments/243080f3-1b77-4ca7-bc03-bbf855c39c99) |

Additionally the sha box was moved in an own component to unify the usage. _(First commit)_

Closes #1824

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6933): <!--number 6933 --><!--line 0 --><!--description U2hvdyBpZiBjb21taXQgaXMgdmVyaWZpZWQgaW4gYWN0aXZpdHkgZmVlZCBvZiBhbiB1c2VyIG9yIGFuIG9yZ2FuaXphdGlvbiBmb3IgbmV3IGFjdGl2aXR5-->Show if commit is verified in activity feed of an user or an organization for new activity<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6933
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>

modules/templates/util_misc.go

@@ -1,4 +1,5 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package templates
@@ -13,7 +14,9 @@ import (
 	"time"
 
 	activities_model "forgejo.org/models/activities"
+	asymkey_model "forgejo.org/models/asymkey"
 	repo_model "forgejo.org/models/repo"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	giturl "forgejo.org/modules/git/url"
 	"forgejo.org/modules/json"
@@ -60,6 +63,7 @@ func IsMultilineCommitMessage(msg string) bool {
 type Actioner interface {
 	GetOpType() activities_model.ActionType
 	GetActUserName(ctx context.Context) string
+	GetRepo(ctx context.Context) *repo_model.Repository
 	GetRepoUserName(ctx context.Context) string
 	GetRepoName(ctx context.Context) string
 	GetRepoPath(ctx context.Context) string
@@ -109,7 +113,7 @@ func ActionIcon(opType activities_model.ActionType) string {
 }
 
 // ActionContent2Commits converts action content to push commits
-func ActionContent2Commits(act Actioner) *repository.PushCommits {
+func ActionContent2Commits(ctx context.Context, act Actioner) *repository.PushCommits {
 	push := repository.NewPushCommits()
 
 	if act == nil || act.GetContent() == "" {
@@ -123,6 +127,23 @@ func ActionContent2Commits(act Actioner) *repository.PushCommits {
 	if push.Len == 0 {
 		push.Len = len(push.Commits)
 	}
+	repo := act.GetRepo(ctx)
+	for _, commit := range push.Commits {
+		gitCommit, err := repository.PushCommitToCommit(commit)
+		if err != nil {
+			// Only happens if the commit has an invalid sha
+			commit.Verification = &asymkey_model.ObjectVerification{
+				Verified: false,
+				Reason:   "git.error.invalid_commit_id",
+			}
+			continue
+		}
+		verification := asymkey_model.ParseCommitWithSignature(ctx, gitCommit)
+		_ = asymkey_model.CalculateTrustStatus(verification, repo.GetTrustModel(), func(user *user_model.User) (bool, error) {
+			return repo_model.IsOwnerMemberCollaborator(ctx, repo, user.ID)
+		}, nil)
+		commit.Verification = verification
+	}
 
 	return push
 }