fix: prevent NoMethodError from LD-Signature failure and tag race

LinkedDataSignature#verify_account! returned `false` from the
OpenSSL::PKey::RSAError rescue, which slipped past the `.nil?` check
in ProcessCollectionService and left `@account = false`, causing
`false.suspended?` later on. Return nil instead to match the rest of
the method's contract.

Tag.find_or_create_by_names silently returned nil when the post-
RecordNotUnique re-lookup failed (e.g. under read-replica lag),
which surfaced far away as `nil.valid?` in Activity::Create#process_hashtag.
Re-raise the original RecordNotUnique so Sidekiq retries the job
instead of propagating a nil tag through the pipeline.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: hinaloe

app/lib/activitypub/linked_data_signature.rb

@@ -29,7 +29,7 @@ def verify_account!
 
     creator if creator.keypair.public_key.verify(OpenSSL::Digest.new('SHA256'), Base64.decode64(signature), to_be_verified)
   rescue OpenSSL::PKey::RSAError
-    false
+    nil
   end
 
   def sign!(creator, sign_with: nil)

app/models/tag.rb

@@ -94,7 +94,11 @@ def find_or_create_by_names(name_or_names)
         tag = begin
           matching_name(normalized_name).first || create!(name: normalized_name)
         rescue ActiveRecord::RecordNotUnique
-          find_normalized(normalized_name)
+          # A concurrent insert won the race. The row should be visible now,
+          # but if it isn't (e.g. read-replica lag), re-raise instead of
+          # silently yielding nil to callers — Sidekiq's retry will pick it
+          # up once the row is visible.
+          find_normalized(normalized_name) || raise
         end
 
         yield tag if block_given?