Allow for GPG signing without manually configuring keys

[s0]

This follows on from #126, #127, #131.

Firstly, I'd just like to say I love changesets 🦋! Thanks for putting together such a great project.

Recently I found myself using this action, and facing some difficulties around branch protection / repo rulesets that require signed commits, and the default behavior of the action when it comes to creating the "Version packages" PRs.

My options were either to:

1. rebase / amend every PR created to bump versions manually, so that the commits are signed
2. Register a new GitHub User, generate a GPG key for it, generate a personal access token for it, provision access to the repository, add the private key and token as secrets, and update the GitHub workflow to configure git and GPG appropriately.
3. Update the action to use GitHub's API to create changes, which is signed by default by GitHub's internal GPG key, and works with both user tokens and app tokens (i.e. GitHub Actions). See: https://github.com/s0/ghcommit?tab=readme-ov-file#why

Given that (1) is a lot of manual work per release (no longer can you just release using GitHub's UI), and (2) would be a considerable amount of setup, with the added risk of secret exposure, it probably makes most sense to implement (3).