beeware / briefcase

Tools to support converting a Python project into a standalone native application.
https://briefcase.readthedocs.io/
BSD 3-Clause "New" or "Revised" License
2.61k stars 366 forks

Adhoc signing happens too often #1099

Open mhsmith opened 1 year ago

mhsmith commented 1 year ago

Adhoc signing of every .so or .dylib in the app takes at least 7 seconds on my machine for a minimal app, and 15 seconds for this app. So it's annoying that it happens every time I run briefcase run -u, and unnecessary because that command isn't capable of changing any of the signed files.

Similarly, briefcase package -u will adhoc sign the app, and then properly sign it all over again.

freakboy3742 commented 1 year ago

Definitely agreed that some optimisation is called for here.

Some notes for potential implementors:

  1. We can't completely drop signing on briefcase run -u - while we don't need to re-sign the app_packages, the signing of the app bundle as a whole is needed, because the app content has changed.
  2. Build currently automatically does an automatic adhoc sign to ensure that run has a binary that can run locally. However, when invoking package, that signing during build is redundant. The good news is that the kwargs passed to build_app will have identity and adhoc_sign provided as arguments if it is being invoked transitively from a package command; this could be used as a signal to ignore the signing pass on build.
  3. There is some crossover with #865; anyone tackling this issue may want to look into that one as well.
  4. There is also potentially some crossover with #807. Part of the underlying issue here is that the "dirty" state of the app includes whether the file has been updated since it was last signed. Updating a single binary file should only require that single file to be re-signed; the current process does a complete re-sign, regardless of whether a file has been altered. Addressing #807 is a much bigger change; we can make significant improvements to workflows without introducing a full "dirty state" tracking system.
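
Added example, not part of the thread and not briefcase's own code: a sketch of the per-file idea in notes 1 and 4, where only binaries whose content changed since they were last signed are re-signed and the bundle as a whole is always re-signed. The manifest file, the function names and the `sign_file` callback (standing in for whatever performs the adhoc signing) are all hypothetical.

```python
import hashlib
import json
from pathlib import Path

SIGNABLE_SUFFIXES = {".so", ".dylib"}  # the file types named in the issue


def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def _load_manifest(manifest_path):
    try:
        return json.loads(manifest_path.read_text())
    except (FileNotFoundError, json.JSONDecodeError):
        return {}  # no usable record: every binary counts as dirty


def dirty_binaries(bundle, manifest_path):
    """Binaries whose content differs from what was recorded at last signing."""
    recorded = _load_manifest(manifest_path)
    return [
        path
        for path in sorted(bundle.rglob("*"))
        if path.is_file()
        and path.suffix in SIGNABLE_SUFFIXES
        and recorded.get(path.relative_to(bundle).as_posix()) != _digest(path)
    ]


def sign_changed(bundle, manifest_path, sign_file):
    """Sign only dirty binaries, then always sign the bundle as a whole.

    manifest_path (hypothetical) must live outside the bundle, otherwise
    writing it would itself change the content being signed.
    """
    recorded = _load_manifest(manifest_path)
    signed = dirty_binaries(bundle, manifest_path)
    for path in signed:
        sign_file(path)
        # Signing rewrites the binary, so record the post-signing digest.
        recorded[path.relative_to(bundle).as_posix()] = _digest(path)
    # Forget binaries that have been deleted from the bundle.
    recorded = {k: v for k, v in recorded.items() if (bundle / k).is_file()}
    manifest_path.write_text(json.dumps(recorded, indent=2, sort_keys=True))
    sign_file(bundle)  # app content changed, so the bundle is signed every time
    return signed
```

The manifest here is only a build cache: deleting it makes every binary dirty again, which falls back to the complete re-sign the issue describes.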