Add warrant canary with PGP-signed /chirp command

[Copilot]

Implements a warrant canary allowing users to verify bot operational status. Users send /chirp, bot responds with PGP-signed "meow" that can be cryptographically verified.

Changes

New skill: bot/skills/chirp.py

• /chirp command handler
• Signs response using python-gnupg
• Falls back to unsigned response if GPG unavailable

Key generation: bot/generate_gpg_key.py

• Batch-mode RSA 2048-bit key generation
• Exports public key for distribution
• Handles existing keys gracefully

Infrastructure

• Added python-gnupg==0.5.3 to dependencies
• Added gnupg package to dev/prod Dockerfiles
• Registered skill in bot/skills/__init__.py

Documentation: WARRANT_CANARY.md

• Setup and deployment instructions
• Signature verification guide
• Security considerations

Example Usage

User: /chirp
Bot:  -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA512
      
      meow
      -----BEGIN PGP SIGNATURE-----
      [signature]
      -----END PGP SIGNATURE-----

Users verify with: gpg --verify response.txt

Deployment

After merge, generate keys once: python bot/generate_gpg_key.py

Public key location: /app/.gnupg/nyan_bot_public.asc

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Warrant canary</issue_title>
<issue_description>## Base

Sometimes you are worried about the Nyan, sometime – he about you.

Good case:

Alice: /chirp
Nyan: meow

Not so good case:

Alice: /chirp
...(noop)

Hard mode:

We could generate a PGP key for Nayn, and sign the meow answer by private key to be sure, that answer was send by REAL Nyan.

• make a key
• add function to signing
• update canary skill</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Warrant canary #247

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.