From Persistent commit signature verification now in public preview announced by GitHub on November 13, 2024:

Persistent commit signature verification solves these issues by validating signatures at the time of the commit and storing the verification details permanently [...] Now, any commit with a verified status can retain that status, even when the signing key is rotated or removed.

Persistent commit signature verification is applied to new commits only. For commits pushed prior to this update, persistent records will be created upon the next verification, which happens when viewing a signed commit on GitHub anywhere the verified badge is displayed, or retrieving a signed commit via the REST API.

_{Emphasis added by me (cocomac)}

While I haven't tried it myself yet, I think this means the verification can stay even if the GPG key is removed.