I have recently come across some negative reports against GnuPG. ie GPG.
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
The GPG project is claimed to be not very secure, and is also not easy to use. Also there are a number of other tools that are claimed to be more secure than GPG too.
However there is a new project that aims to be the next generation security tool and be more superior than GPG.
https://sequoia-pgp.org/
It may be worthwhile for GitLab to officially support Sequoia PGP (or equivalent) as the project matures.