[codex] Support SSH commit signing via external signers #2917

Draft
xiaotianxt wants to merge 2 commits into gitui-org:master from xiaotianxt:codex/ssh-signing-external-signer

@xiaotianxt

Fixes #2188.

What changed

  • replace the SSH commit-signing backend with a git-compatible external signer flow
  • respect gpg.ssh.program, defaulting to ssh-keygen
  • support user.signingKey as a private-key path, public-key path, literal public key, or key::...
  • keep inline public-key temp files alive during signing
  • remove the ssh-key dependency and move tempfile to runtime deps
  • add changelog coverage and SSH signing config tests

Why

The existing SSH signing implementation only handled private keys stored on disk. That breaks real Git-supported setups such as ssh-agent-backed signing and external signers like 1Password's op-ssh-sign, even though native Git handles those configurations correctly.

Impact

  • SSH commit signing now works for agent-backed and external-signer workflows that match Git's current SSH signing behavior
  • literal public keys in user.signingKey no longer fail during signer construction
  • the binary/dependency footprint drops by removing ssh-key

Notes

  • this PR intentionally does not implement gpg.ssh.defaultKeyCommand; that should stay as a follow-up to keep the scope focused
  • I saw one unrelated flaky failure in sync::branch::merge_ff::test::test_merge_fastforward during cargo test --workspace; rerunning that test in isolation passed
  • make check cannot complete on this machine because cargo-nextest, tombi, and cargo-deny are not installed locally

Validation

  • cargo fmt --check
  • cargo clippy --workspace --all-features
  • cargo test -p asyncgit
  • cargo check
  • cargo test --workspace
  • manual smoke test with ssh-keygen -Y sign -U
  • manual smoke test with /Applications/1Password.app/Contents/MacOS/op-ssh-sign
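
For reference, the signer invocation this description relies on, as an added example that is not the PR's code: it follows Git's own rule for user.signingKey (a `key::` or `ssh-` prefix marks a literal public key, which is written to a temp file and passed with `-U`; anything else is a key file path) and defaults gpg.ssh.program to ssh-keygen. `TempKey`, `literal_key` and `signer_argv` are hypothetical names, the sample key is constructed, and path expansion such as `~` is left out.

```rust
use std::io::{self, Write};
use std::sync::atomic::{AtomicUsize, Ordering};
use std::{env, fs, path::PathBuf, process};
static SEQ: AtomicUsize = AtomicUsize::new(0);

/// Hypothetical guard: deletes the inline-key temp file on drop (hold it while signing).
pub struct TempKey(pub PathBuf);
impl Drop for TempKey {
    fn drop(&mut self) { let _ = fs::remove_file(&self.0); }
}

/// Git's rule: `key::<pubkey>` or a value starting with `ssh-` is a literal
/// public key; anything else is treated as a key file path.
pub fn literal_key(signing_key: &str) -> Option<&str> {
    let bare = signing_key.starts_with("ssh-").then_some(signing_key);
    signing_key.strip_prefix("key::").or(bare)
}

/// Build the signer argv for the file `payload` (the commit buffer).
pub fn signer_argv(
    program: Option<&str>, // gpg.ssh.program, if configured
    signing_key: &str,     // user.signingKey
    payload: &str,
) -> io::Result<(Vec<String>, Option<TempKey>)> {
    if signing_key.is_empty() {
        return Err(io::Error::new(io::ErrorKind::InvalidInput, "user.signingKey unset"));
    }
    let mut argv = vec![program.unwrap_or("ssh-keygen").to_string()];
    argv.extend(["-Y", "sign", "-n", "git", "-f"].map(String::from));
    let mut guard = None;
    if let Some(key) = literal_key(signing_key) {
        let name = format!("signing_key_{}_{}.pub", process::id(), SEQ.fetch_add(1, Ordering::Relaxed));
        let path = env::temp_dir().join(name);
        // create_new (O_EXCL) refuses a pre-planted file or symlink at this path.
        let mut file = fs::OpenOptions::new().write(true).create_new(true).open(&path)?;
        writeln!(file, "{key}")?;
        // -U: the private half is held by ssh-agent or the external signer.
        argv.extend([path.to_string_lossy().into_owned(), "-U".to_string()]);
        guard = Some(TempKey(path));
    } else {
        argv.push(signing_key.to_string());
    }
    argv.push(payload.to_string());
    Ok((argv, guard))
}

fn main() {
    let out = signer_argv(None, "key::ssh-ed25519 AAAA-constructed", "COMMIT_BUF");
    println!("{:?}", out.map(|(argv, _guard)| argv));
}
```

The guard is returned alongside the argv so the caller decides when the temp key file disappears; dropping it before the signer has read the file makes signing fail.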

Development

Successfully merging this pull request may close these issues.

[ssh signing] support custom signing program
