Task
Resolution: Won't Do
Major
Follow up to WFLY-20781 which adds a DCO file.
As discussed on https://github.com/wildfly/wildfly/pull/19073 there is no built-in policy in GH to enforce that commits are properly signing the DCO. A DCO actually requires the attestation, which is typically given by adding Signed-off-by in Git (git commit -s ...).
To make sure that we comply with the DCO, we should also accompany this by an automated check.
I have previously suggested a GitHub Action, but that is inferior to a GitHub App - it needs to be configured per repository and maintained, which is a hassle. This can be remedied by setting up a GitHub App instead, which enforces it on selected/all repositories in the GitHub Org. So this needs to be set up only once per org.
The best plugin for this appears to be managed by CNCF: https://github.com/cncf/dco2
To install, one can head over to https://github.com/apps/dco-2 and Install (or Configure if previously used). It then appears in each PR as a check, the same way a GHA would.
As an experiment and example, I set it up in this repo; this is what a correctly signed-off commit looks like: https://github.com/clusterbench/clusterbench/pull/604/checks
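
An added example, not part of the original issue and not the dco2 app's own code: a Python script showing the kind of per-commit check such automation performs on the Signed-off-by line that git commit -s appends. The matching rule (at least one sign-off e-mail must equal the commit author's e-mail), the function names and the sample commits are assumptions made for illustration; the app's actual rules may differ.

```python
import re
import subprocess
import sys

# Trailer written by `git commit -s`: "Signed-off-by: Name <email>"
SIGNOFF = re.compile(
    r"^Signed-off-by:[ \t]*(?P<name>.+?)[ \t]*<(?P<email>[^<>\n]+)>[ \t]*$",
    re.MULTILINE | re.IGNORECASE)

def signoff_emails(message):
    """Return the lower-cased e-mail of every Signed-off-by line in a message."""
    return [m.group("email").strip().lower() for m in SIGNOFF.finditer(message)]

def check_commits(commits):
    """commits: iterable of (sha, author_email, message).
    Returns {sha: reason} for each commit failing the assumed rule:
    at least one sign-off must carry the commit author's e-mail."""
    failures = {}
    for sha, author_email, message in commits:
        emails = signoff_emails(message)
        if not emails:
            failures[sha] = "no Signed-off-by line"
        elif author_email.strip().lower() not in emails:
            failures[sha] = "sign-off does not match author " + author_email
    return failures

def commits_in_range(rev_range):
    """Read (sha, author_email, message) for each non-merge commit in rev_range."""
    out = subprocess.run(
        ["git", "log", "--no-merges", "-z", "--format=%H%x1f%ae%x1f%B", rev_range],
        check=True, capture_output=True, text=True).stdout
    return [tuple(r.lstrip("\n").split("\x1f", 2)) for r in out.split("\0") if r.strip()]

SAMPLE = [  # constructed commits, not taken from any real repository
    ("a1", "dev@example.org", "Fix typo\n\nSigned-off-by: Dev One <dev@example.org>\n"),
    ("b2", "dev@example.org", "Add feature\n\nNo trailer here.\n"),
    ("c3", "dev@example.org", "Refactor\n\nSigned-off-by: Other <other@example.org>\n"),
]

if __name__ == "__main__":
    # With an argument such as "origin/main..HEAD" the range is read from git;
    # without one the constructed SAMPLE is checked instead.
    commits = commits_in_range(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    failed = check_commits(commits)
    for sha, reason in failed.items():
        print(f"{sha[:12]}: {reason}")
    sys.exit(1 if failed else 0)
```

A non-zero exit status lets a CI job fail the pull request when any commit in the range lacks a matching sign-off.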