Update notes for submitted changes

* GPG: check that the key found is a signing key
* GPG: use key fingerprint suffix to compare id for signing key

65/36b5cbca8b876e92c5943f25768ba0c450eada

@@ -0,0 +1,8 @@
+Verified+1: JGit Bot <jgit-bot@eclipse.org>
+Verified+1: CI Bot
+Code-Review+2: Gunnar Wagenknecht <gunnar@wagenknecht.org>
+Submitted-by: Thomas Wolf <thomas.wolf@paranor.ch>
+Submitted-at: Wed, 22 May 2019 02:22:58 -0400
+Reviewed-on: https://git.eclipse.org/r/142532
+Project: jgit/jgit
+Branch: refs/heads/master

ef/e6d2bb5b71e5a8fa0b96fc73868ca717e1d4f1

@@ -0,0 +1,7 @@
+Verified+1: CI Bot
+Code-Review+2: Gunnar Wagenknecht <gunnar@wagenknecht.org>
+Submitted-by: Thomas Wolf <thomas.wolf@paranor.ch>
+Submitted-at: Wed, 22 May 2019 02:22:58 -0400
+Reviewed-on: https://git.eclipse.org/r/142533
+Project: jgit/jgit
+Branch: refs/heads/master