Store verification failure reason in x509 commit signatures

Proposal

Per #335087 (closed) , debugging why x509 commits are showing as unverified is a tricky proposition.

We have a table, x509_commit_signatures. I propose that we add a verification_failure_reason to this table, which can store information about why a commit is marked as unverified when we create / update one of these records as unverified. This will aid us in debugging something that nobody at GitLab has much of an idea about 😅