fix: Correctly verify signatures when targetRevision is a branch name #14214

Merged
merged 3 commits into from
Jun 27, 2023

Conversation

jannfis
Member

@jannfis jannfis commented Jun 26, 2023

Fixes #14009

During manifest rendering, Argo CD checks out the resolved SHA of the targetRevision. This leads the repository into a detached HEAD state, from where the branch name is not reachable.

We do need to pass a tag name (i.e. the unresolved targetRevision) when validating signatures on a signed (annotated) tag though. So we'll have the repository server figure out whether a targetRevision is specifying an annotated tag or not, and call the verification routines accordingly.

Technically, we do not need hack/git-verify-wrapper.sh anymore. However, I'm going to replace the wrapper by Go code in a future PR, because this particular PR fixes a regression and needs to be cherry-picked.

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • Optional. My organization is added to USERS.md.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.

Please see Contribution FAQs if you have questions about your pull-request.
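
The decision described in this PR, as an added shell example (not Argo CD's code and not this PR's implementation): an annotated tag is verified by name, anything else by its resolved commit SHA. `verification_command` and `make_demo_repo` are hypothetical names, detecting an annotated tag with `git cat-file -t` is an assumption about one way to do it, and the demo tag is unsigned, so the function only reports which git command applies.

```shell
#!/bin/sh
# Added example: pick the git verification command for a targetRevision.
# Hypothetical helper names; the repository below is constructed for the demo.

# Print "verify-tag <name>" for an annotated tag, else "verify-commit <sha>".
verification_command() {
    repo=$1
    target=$2
    # An annotated tag is its own object of type "tag" and carries its own
    # signature; branches and lightweight tags point straight at a commit.
    if [ "$(git -C "$repo" cat-file -t "refs/tags/$target" 2>/dev/null)" = "tag" ]; then
        echo "verify-tag $target"
        return 0
    fi
    # Everything else is verified by resolved commit SHA, which stays valid
    # after the checkout has left the repository on a detached HEAD.
    sha=$(git -C "$repo" rev-parse --verify --quiet "$target^{commit}") || return 1
    echo "verify-commit $sha"
}

# Build a throwaway repository: one commit, a branch, a lightweight tag and
# an annotated (unsigned) tag, then detach HEAD as a SHA checkout would.
make_demo_repo() {
    demo=$(mktemp -d)
    ident="-c user.name=demo -c user.email=demo@example.invalid"
    nosign="-c commit.gpgsign=false -c tag.gpgsign=false"
    git -C "$demo" init -q
    # $ident and $nosign are intentionally unquoted so they split into options.
    git -C "$demo" $ident $nosign commit -q --allow-empty -m "initial"
    git -C "$demo" branch release
    git -C "$demo" tag light-1
    git -C "$demo" $ident $nosign tag -a -m "annotated" v1.0.0
    git -C "$demo" checkout -q --detach HEAD
    echo "$demo"
}
```

A lightweight tag resolves to `verify-commit` here because it has no tag object of its own to carry a signature.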

@jannfis
Member Author

jannfis commented Jun 26, 2023

/cherry-pick 2.7

@jannfis
Member Author

jannfis commented Jun 26, 2023

/cherry-pick release-2.7

Signed-off-by: jannfis <jann@mistrust.net>
@codecov

codecov bot commented Jun 26, 2023

Codecov Report

Patch coverage: 88.00% and project coverage change: +0.06 🎉

Comparison is base (8388ff7) 49.64% compared to head (c60a9df) 49.71%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #14214      +/-   ##
==========================================
+ Coverage   49.64%   49.71%   +0.06%     
==========================================
  Files         258      259       +1     
  Lines       44192    44301     +109     
==========================================
+ Hits        21940    22023      +83     
- Misses      20091    20113      +22     
- Partials     2161     2165       +4     
Impacted Files Coverage Δ
reposerver/repository/repository.go 59.29% <70.00%> (+0.03%) ⬆️
util/exec/exec.go 100.00% <100.00%> (ø)
util/git/client.go 52.25% <100.00%> (+0.99%) ⬆️

... and 4 files with indirect coverage changes


Signed-off-by: jannfis <jann@mistrust.net>
@crenshaw-dev crenshaw-dev merged commit 97906bb into argoproj:master Jun 27, 2023
24 checks passed
@jannfis
Member Author

jannfis commented Jun 27, 2023

/cherry-pick release-2.7

@gcp-cherry-pick-bot

Cherry-pick failed with Merge error 97906bb9302ae9e557947927df34dd1fe674fbd0 into temp-cherry-pick-5c9ac5-release-2.7

@jannfis
Member Author

jannfis commented Jun 27, 2023

/cherry-pick release-2.8

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Jun 27, 2023
…#14214)

* fix: Correctly verify signatures when targetRevision is a branch name

Signed-off-by: jannfis <jann@mistrust.net>

* Add more e2e tests

Signed-off-by: jannfis <jann@mistrust.net>

* Fix a bug and add unit test

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>
jannfis added a commit to jannfis/argo-cd that referenced this pull request Jun 27, 2023
…argoproj#14214)

* fix: Correctly verify signatures when targetRevision is a branch name

Signed-off-by: jannfis <jann@mistrust.net>

* Add more e2e tests

Signed-off-by: jannfis <jann@mistrust.net>

* Fix a bug and add unit test

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>
crenshaw-dev pushed a commit that referenced this pull request Jun 29, 2023
…#14214) (#14238)

* fix: Correctly verify signatures when targetRevision is a branch name



* Add more e2e tests



* Fix a bug and add unit test



---------

Signed-off-by: jannfis <jann@mistrust.net>
crenshaw-dev pushed a commit that referenced this pull request Jun 29, 2023
… (cherry-pick #14214) (#14236)

* fix: Correctly verify signatures when targetRevision is a branch name (#14214)

* fix: Correctly verify signatures when targetRevision is a branch name

Signed-off-by: jannfis <jann@mistrust.net>

* Add more e2e tests

Signed-off-by: jannfis <jann@mistrust.net>

* Fix a bug and add unit test

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>

* Update go.mod

Signed-off-by: jannfis <jann@mistrust.net>

* go mod tidy

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>
crenshaw-dev pushed a commit that referenced this pull request Jun 29, 2023
…#14214) (#14235)

* fix: Correctly verify signatures when targetRevision is a branch name



* Add more e2e tests



* Fix a bug and add unit test



---------

Signed-off-by: jannfis <jann@mistrust.net>
Co-authored-by: jannfis <jann@mistrust.net>
schakrad pushed a commit to schakrad/argo-cd that referenced this pull request Jul 24, 2023
… (cherry-pick argoproj#14214) (argoproj#14236)

* fix: Correctly verify signatures when targetRevision is a branch name (argoproj#14214)

* fix: Correctly verify signatures when targetRevision is a branch name

Signed-off-by: jannfis <jann@mistrust.net>

* Add more e2e tests

Signed-off-by: jannfis <jann@mistrust.net>

* Fix a bug and add unit test

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>

* Update go.mod

Signed-off-by: jannfis <jann@mistrust.net>

* go mod tidy

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>
Signed-off-by: schakrad <58915923+schakrad@users.noreply.github.com>
yyzxw pushed a commit to yyzxw/argo-cd that referenced this pull request Aug 9, 2023
…argoproj#14214)

* fix: Correctly verify signatures when targetRevision is a branch name

Signed-off-by: jannfis <jann@mistrust.net>

* Add more e2e tests

Signed-off-by: jannfis <jann@mistrust.net>

* Fix a bug and add unit test

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>
tesla59 pushed a commit to tesla59/argo-cd that referenced this pull request Dec 16, 2023
…argoproj#14214)

* fix: Correctly verify signatures when targetRevision is a branch name

Signed-off-by: jannfis <jann@mistrust.net>

* Add more e2e tests

Signed-off-by: jannfis <jann@mistrust.net>

* Fix a bug and add unit test

Signed-off-by: jannfis <jann@mistrust.net>

---------

Signed-off-by: jannfis <jann@mistrust.net>
Successfully merging this pull request may close these issues.

verifyGnuPGSignature check triggers default case (Could not verify commit signature on revision)