Previously, we wasted time creating a maintainer and signing them in,
then loaded the entire commit list just to verify the GPG status of a
single commit.
Now, we rely on the project being public so no user needs to be
authenticated, and load just the page for the commit we care about.
We're trying to give the arbitrary SHAs required by each spec a
meaningful name.
This also adds an explicit `ref` definition to each spec so we're not
dealing with a mystery guest.
Previously, this group of specs would create a new user, add them as a
maintainer, sign them in, load the project's commit list, click a
specific GPG key badge, and then verify the content in the popover.
Now, we make the project public in order to skip the user setup and
login, and load a specific commit page because it loads faster than the
commit list while still showing the GPG badge.
`perform_enqueued_jobs` is a Sidekiq method.
Using this method violates the Dependency inversion principle[0].
This commit replaces `perform_enqueued_jobs` with ActiveJob's abstract
method `perform_enqueued_jobs` in specs.
[0]: https://en.wikipedia.org/wiki/Dependency_inversion_principle
