Clarify that "merge --verify-signatures" checks the signature on the
tip commit of the history being merged.
Uniformise the vocabulary used wrt. key/signature validity with OpenPGP:
- a signature is valid if made by a key with a valid uid;
- in the default trust-model, a uid is valid if signed by a trusted key;
- a key is trusted if the (local) user set a trust level for it.
Helped-by: Junio C Hamano <gitster@pobox.com> Signed-off-by: Keller Fuchs <KellerFuchs@hashbang.sh> Signed-off-by: Junio C Hamano <gitster@pobox.com>