LizardByte / community

Public feedback discussions for LizardByte.

Distribute Sunshine on macOS as an app bundle signed by a trusted certificate #546

Closed cathyjf closed 2 hours ago

cathyjf commented 2 hours ago

Sunshine should be distributed as a proper app bundle, and signed by some trusted certificate (perhaps owned by a trusted maintainer) as part of the GitHub build process. Then the Homebrew formula should be replaced by a cask that just installs the trusted binary. This will solve the following problems:

  1. Permissions will not need to be removed and re-granted each time Sunshine updates any code.
  2. Sunshine will not be a gaping vulnerability on the host machine. Currently, once you grant Sunshine any permissions, you're actually granting those permissions to all programs, because any program can trivially inject code into the Sunshine process. To avoid this, it's necessary for Sunshine and all its dependencies to use the hardened runtime, and be distributed as an app bundle.

(See https://github.com/LizardByte/Sunshine/issues/3348#issuecomment-2450866727 for context.)
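
An added example (not part of the original post or of the Sunshine project) of checking the property item 2 asks for: it classifies `codesign -dv --verbose=4` output as unsigned, ad-hoc, signed without the hardened runtime, or hardened, and lists entitlements that turn library-injection protections back off. The sample outputs, paths and team ID are constructed, and the function names are hypothetical.

```bash
#!/bin/sh
# Added example. On a Mac, feed it real output:
#   codesign -dv --verbose=4 /path/to/App.app 2>&1 | classify_signature
#   codesign -d --entitlements - /path/to/App.app 2>/dev/null | weakening_entitlements

# Constructed sample: ad-hoc signature, as a locally built binary typically carries.
SAMPLE_ADHOC='Executable=/path/to/sunshine
Identifier=sunshine
CodeDirectory v=20400 size=1234 flags=0x20002(adhoc,linker-signed) hashes=35+0 location=embedded
Signature=adhoc
TeamIdentifier=not set'

# Constructed sample: Developer ID signature with the hardened runtime flag set.
SAMPLE_HARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=35+7 location=embedded
Authority=Developer ID Application: Example Dev (EXAMPLE123)
TeamIdentifier=EXAMPLE123'

# Reads codesign output on stdin and prints one verdict word.
classify_signature() {
  local info flags team
  info=$(cat)
  # The CodeDirectory line carries the signing flags, e.g. flags=0x10000(runtime).
  flags=$(printf '%s\n' "$info" | sed -n 's/^CodeDirectory .*flags=\([^ ]*\).*/\1/p')
  team=$(printf '%s\n' "$info" | sed -n 's/^TeamIdentifier=//p')
  if [ -z "$flags" ]; then echo "unsigned"; return; fi
  # Ad-hoc signatures have no stable identity, so grants do not survive a rebuild.
  case "$flags" in *adhoc*) echo "adhoc"; return ;; esac
  if [ -z "$team" ] || [ "$team" = "not set" ]; then echo "no-team-id"; return; fi
  # Without the runtime flag, library validation and DYLD_* filtering are off.
  case "$flags" in
    *runtime*) echo "hardened" ;;
    *) echo "signed-not-hardened" ;;
  esac
}

# Reads an entitlements dump on stdin and prints keys that weaken the hardened runtime.
weakening_entitlements() {
  grep -oE 'com\.apple\.security\.(cs\.disable-library-validation|cs\.allow-dyld-environment-variables|get-task-allow)' | sort -u
}

for s in "$SAMPLE_ADHOC" "$SAMPLE_HARDENED"; do
  printf '%s\n' "$s" | classify_signature
done
```

Only the `hardened` verdict combined with an empty `weakening_entitlements` result matches what the issue asks for; the check has to be repeated for every bundled dylib and helper, since the post requires the dependencies to be hardened too.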

ReenigneArcher commented 2 hours ago

There were a lot of issues with distributing a bundle previously, which is why it was never promoted and eventually removed in favor of the MacPorts build (although Homebrew is now the preferred option). You're free to make an attempt at a new app bundle if you want and submit a PR.

This should also be a feature request so I will convert it to that.