"Mark of the Web" prevents Windows app from running when distributed as a ZIP file

[rmartin16]

Describe the bug

When a ZIP-packaged app is extracted and runs, a stacktrace is shown when loading DLLs fails (as seen in https://github.com/beeware/briefcase/discussions/1881).

This first happens when pythonnet tries to load its Python runtime DLL (Python.Runtime.dll) and then for the WebView DLL from toga-winforms.

The underlying issue is Windows' Mark of the Web (MotW) functionality that prevents running foreign code while the file is marked.

Steps to reproduce

Package an app for Windows using ZIP. Extract and run that app on another machine.

Expected behavior

The app should successfully run.

The issue can be worked around by manually removing the MotW from all DLLs in the app (via selecting "Unblock" in the DLL file's properties).

To bypass the MotW check automatically, we can tell the .NET runtime to allow loading remote sources.

This can be accomplished via a <App Formal Name>.exe.config file alongside the app's stub exe:

<configuration>
   <runtime>
      <loadFromRemoteSources enabled="true"/>
   </runtime>
</configuration>

Since this is not needed for MSI packages, it may be best to add this file only when packaging as a ZIP.

Screenshots

No response

Environment

• Operating System: Windows 11
• Python version: 3.11
• Software versions:
  • Briefcase: 0.3.20.dev15+g93ee7e9f

Logs

No response

Additional context

No response

[freakboy3742]

Given how simple the file is, it should be possible to inject this directly into the zip file at time of packaging without ever writing a file to disk.

However, before we do that, I'd like to understand what else this file is used for. If there's any possibility we might want to use it for any other app configuration, we might want to add it earlier in the build process.