Add Developer Certificate of Origin Bot to enforce signed commits

[willvelida]

We should enforce signed commits. This is the same bot that the Dapr project uses that we could use: https://probot.github.io/apps/dco/

@DanielLarsenNZ you'll need to install this on your fork since your fork is the main one :)

If you have an alternative way of enforcing signed commits, or think that we shouldn't do this, let's discuss :)