Windows: Provide code signatures on all Posit-built binaries

[jmcphers]

Positron's built-in Posit-contributed binaries do not contain any embedded signatures verifying their provenance. For instance, ark:

We should be digitally signing these to help ensure that they will not be blocked on machines with strict execution policies. This applies to all of the Windows binaries that we build (and therefore could sign with our certificate). That includes:

• Ark
• Air
• Kallichore
• Python Environment Tool (PET)

Compare with e.g. Node.js:

[stepnorm]

Just flagging on this that the code signing should also include the installer (both user and system) to support the execution policies (WDAC/App Control for Business). This needs to include the temporary copy of the installer created in the user's %TEMP% folder.

[jacpete]

This is relevant to Posit support ticket 124345