Add support for SignTool HSM providers

[Sytten]

We are moving to Google HSM for our code signing.
It is surprisingly simple to setup with SignTool: signtool sign /v /debug /fd sha256 /t http://timestamp.sectigo.com /f path/to/mycertificate.crt /csp "Google Cloud KMS Provider" /kc projects/PROJECT_ID/locations/LOCATION/keyRings/KEY_RING/cryptoKeys/KEY_NAME/cryptoKeyVersions/1 path/to/file.exe

Right now the WindowsSignToolManager doesn't support the csp and kc parameters, but I feel this is somewhat easy to add.
I think I would create a new hsmSignOptions key just to match the azureSignOptions. The other parameters should be slowly deprecated since nobody issues cert anymore without an HSM or USB key (June 1st 2023 was the last time full certs were issued without HSM or FIPS key).

[mmaietta]

I think we're on waaaay too old of a signtool.exe to be able to support that, but it's worth a shot!
Updating the signtool toolsets in this PR #9430

Why a seperate hsmSignOptions? If it's still using signtool, shouldn't we leverage a similar config?

Related, I do plan on migrating the Azure Trusted Signing to use the updated signtool toolset once it's more battle tested

[Sytten]

Interesting I thought it was using the one from the OS but it is downloading it?

My thinking is that there are a lot of parameters in the root which is kind of becoming hard to grasp which are needed for each usecase. Like azure is mutually exclusive with the fields for a local cert so I could see

• Azure
• local
• hsm
• fipsKey

As top level keys

[mmaietta]

All tools are downloaded from https://github.com/electron-userland/electron-builder-binaries with hardcoded checksums in electron-builder for validating the download's integrity.

That sounds very reasonable. I'm wondering what the properties would be for each one then. I'm not familiar with hsm or fips

[Sytten]

Ok ok.
For HSM the authentication usually needs to be handled before hand so in the config itself it is mostly the provider (mapped to csp arg) and the container (mapped to kc)