I've gone through the process of becoming an Apple Developer (gross, I hate that title).
GitHub build actions for macOS x86_64 and arm64 architectures should now sign the GAM binary files and upload them to Apple for notarization (which seems to be a malware scan mostly).
Note that there is an additional step of "stapling" the notarization to the app, but it's optional and as far as I can tell there are only a few minor consequences of not stapling:
- Trying to run the app for the first time while offline will fail. This doesn't matter much for GAM since trying to run GAM offline would have failed anyway; it'd fail a bit later, but now it will fail a bit sooner on first run.
- On first run without a staple, macOS will reach out to Apple servers to retrieve the notarization info for the GAM binary. This results in a minor delay of a few seconds on first run of the GAM binary (each new GAM version installed will go through this). Since macOS then caches the staple, additional runs of the GAM binary should be very fast.
- Since we're not waiting for the notarization to complete and then stapling, it's possible a given GAM binary release could be published and installed by users before notarization is complete and result in ugly security warnings to the user. The first few notarizations I performed with GAM took ~12 to complete, but since then Apple has "learned" what GAM binaries look like and notarization generally completes in a few minutes. If we run into issues here, we can tell the notarization command in GitHub actions to actually wait until Apple notarization is complete, but that will obviously slow down builds.
Apple has pretty much insisted that developers sign and notarize their apps for macOS:
https://developer.apple.com/documentation/security/notarizing-macos-software-before-distribution
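As an added example (not GAM's own workflow), the release step described above as a GitHub Actions job: sign the binary with a Developer ID identity and the hardened runtime, then submit it to Apple with notarytool. The secret names, the Developer ID string and the dist/gam path are placeholders.

```yaml
name: macos-sign-notarize
on:
  push:
    tags: ['v*']

jobs:
  build:
    runs-on: macos-latest
    strategy:
      matrix:
        arch: [x86_64, arm64]
    env:
      BINARY: dist/gam                                            # placeholder path to the built binary
      SIGN_ID: "Developer ID Application: EXAMPLE (TEAMID0000)"   # placeholder signing identity
    steps:
      - uses: actions/checkout@v4
      # Build steps omitted; assume $BINARY exists for the matrix arch afterwards.

      - name: Import the Developer ID certificate into a throwaway keychain
        env:
          CERT_P12_BASE64: ${{ secrets.MACOS_CERT_P12_BASE64 }}   # placeholder secret
          CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }}       # placeholder secret
        run: |
          echo "$CERT_P12_BASE64" | base64 --decode > cert.p12
          security create-keychain -p "" build.keychain
          security default-keychain -s build.keychain
          security unlock-keychain -p "" build.keychain
          security import cert.p12 -k build.keychain -P "$CERT_PASSWORD" -T /usr/bin/codesign
          # Let codesign use the key without a UI prompt on the runner.
          security set-key-partition-list -S apple-tool:,apple: -s -k "" build.keychain

      - name: Sign with hardened runtime and a secure timestamp
        run: |
          codesign --sign "$SIGN_ID" --options runtime --timestamp --force "$BINARY"
          codesign --verify --strict --verbose=2 "$BINARY"

      - name: Submit for notarization
        env:
          APPLE_ID: ${{ secrets.APPLE_ID }}                       # placeholder secret
          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}             # placeholder secret
          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}   # app-specific password, placeholder secret
        run: |
          # notarytool takes a zip, dmg or pkg, so wrap the bare binary.
          ditto -c -k --keepParent "$BINARY" gam-notarize.zip
          # --wait blocks until Apple returns a verdict; drop it to keep builds fast,
          # at the cost of the "published before notarization completes" window.
          xcrun notarytool submit gam-notarize.zip \
            --apple-id "$APPLE_ID" --team-id "$APPLE_TEAM_ID" \
            --password "$APPLE_APP_PASSWORD" --wait
```

The `--wait` flag is the "actually wait until Apple notarization is complete" option mentioned above. stapler only attaches tickets to app bundles, disk images and installer packages, not to a bare executable, so a binary shipped this way is always checked against Apple's servers on first run, as the comment describes.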