Sending "GPG signature uploaded" email fails when using Trusted Publishing

[di]

Currently we return a 500-level failure if a user attempts to upload GPG signatures via Trusted Publishing, because we assume there is a request.user:

warehouse/warehouse/forklift/legacy.py

Lines 1144 to 1146 in d5ee54d

	send_gpg_signature_uploaded_email(
	request, request.user, project_name=project.name
	)

However this might be None if Trusted Publishing is used, in which case the email should probably go to all owners instead.

Reported in #14927, this is https://python-software-foundation.sentry.io/share/issue/4680dcbcc9d348109307d6dc0d03f900/.

[dstufft]

FWIW we're ~5 months away from my random "well maybe May 2024? date to remove the emails/warning altogether (#13733) and ~5 months since the emails/warning were added at all.

I wouldn't feel bad if we just didn't send the email at all if request.user is None, but sending to all owners seems fine too.

[di]

This seems to happen infrequently enough that this would probably be acceptable as well!

[woodruffw]

In a peak example of "weird things breaking weird things," this 503 actually breaks twine's integration tests: pypa/twine#1029 (comment)

This sufficiently surprised me while patching twine, so I'll make a quick fix here 🙂