software-engineering-quality-framework
gpg commit signing guidance - avoid comments when creating gpg keys
Working through git config with a new contributor, we encountered an issue with the gpg signing guidance.
Specifically, git could not automatically match the gpg key during a commit operation, and threw the following error:
gpg: skipped No secret key
gpg: signing failed: No secret key
error: gpg failed to sign the data
fatal: failed to write commit object
We determined that this was due to a comment being added during the gpg --full-generate-key operation. This resulted in the gpg key being of the format: RealName (Comment) <email-address>, which prevented automatic matching.
Suggest that https://github.com/NHSDigital/software-engineering-quality-framework/blob/main/practices/guides/commit-signing.md is amended to recommend avoiding use of comments during the key generation process and/or an update to the troubleshooting section.
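A troubleshooting check for the mismatch reported above, as an added example that is not part of the original issue or the linked guide. It assumes that with `user.signingkey` unset git asks gpg for a key by the committer identity `Name <email>`, and that gpg treats that string as a case-insensitive substring of a key's user ID; the names, fingerprints and key listings are constructed.

```shell
#!/bin/sh
# Added example. Assumption: git's default key lookup is a case-insensitive
# substring match of "Name <email>" against each secret key's user ID.

# find_signing_key IDENT: reads `gpg --list-secret-keys --with-colons` output
# on stdin; prints the fingerprint of the first secret key with a user ID
# containing IDENT, or returns 1 when none matches.
# Real use: gpg --list-secret-keys --with-colons | \
#   find_signing_key "$(git config user.name) <$(git config user.email)>"
find_signing_key() {
    awk -F: -v ident="$1" '
        $1 == "sec" { fpr = ""; want = 1 }               # new primary key
        $1 == "fpr" && want { fpr = $10; want = 0 }      # its fingerprint
        $1 == "uid" && index(tolower($10), tolower(ident)) {
            print fpr; found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample data (fake identity, key IDs and fingerprints).
IDENT='Jane Doe <jane.doe@example.org>'   # stands in for user.name <user.email>
FPR_COMMENT=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FPR_PLAIN=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
WITH_COMMENT="sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
fpr:::::::::$FPR_COMMENT:
uid:u::::1700000000::0000::Jane Doe (work laptop) <jane.doe@example.org>:"
WITHOUT_COMMENT="sec:u:4096:1:BBBBBBBBBBBBBBBB:1700000000:::u:::scESC:
fpr:::::::::$FPR_PLAIN:
uid:u::::1700000000::0000::Jane Doe <jane.doe@example.org>:"

# report LISTING: says whether a commit signed with default settings finds a key.
report() {
    if fpr=$(printf '%s\n' "$1" | find_signing_key "$IDENT"); then
        echo "ok: '$IDENT' selects key $fpr"
    else
        echo "no key matches '$IDENT'; pin one with: git config user.signingkey <fingerprint>"
    fi
}

report "$WITH_COMMENT"      # user ID carries a comment: lookup fails
report "$WITHOUT_COMMENT"   # same identity, no comment: lookup succeeds
```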