Signing is signing data (i.e. gpg --sign the_file)
Certification is signing a key (i.e. gpg --sign-key the_key)
Authentication is signing a challenge (like ssh does). The Authentication stuff can be used to log in to a machine using your GPG key.
The signature math is the same however you do it. The key usage flags are just to classify things.
Originally copied from https://lists.gnupg.org/pipermail/gnupg-users/2005-April/025390.html
https://blog.ddosolitary.org/posts/use-the-ssh-feature-of-gpg-agent/