Describe the feature or problem you’d like to solve

Currently, when someone merges a Pull Request using the Github UI and the "Squash and Merge" option, the commit is signed with the Github GPG key and the PR status changed to merged automatically.

Would it be possible to sign the squash commit using the user GPG key?

Proposed solution

It seems to me that Github uses its own GPG key because it wouldn't be a viable solution for the users to upload their private keys to Github, but as Github CLI runs locally it would be possible to use the collaborator key to sign the squashed commit, increasing the overall confidence that the code wasn't tampered with.

Additional context

Add any other context like screenshots or mockups are helpful, if applicable.