I have recently come across some negative reports against GnuPG. ie GPG.
The GPG project is claimed to be not very secure, and is also not easy to use. Also there are a number of other tools that are claimed to be more secure than GPG too.
However there is a new project that aims to be the next generation security tool and be more superior than GPG.
It may be worthwhile for GitLab to officially support Sequoia PGP (or equivalent) as the project matures.