Support AzureSignTool

[marcoesters]

Checklist

• [X] I added a descriptive title
• [X] I searched open requests and couldn't find a duplicate

What is the idea?

AzureSignTool is another tool that can be used to sign binaries. It uses a vault to obtain the certificate instead of using a certificate file.

constructor should extend its support to different signing tools and also support key-vault signature processes.

Why is this needed?

Using vaults to sign binaries is going to be more and more important. AzureSignTool uses a vault without files, so signing installers is not possible with this

As of now, constructor uses signtool.exe and local files to sign binaries, so AzureSignTool or other file-less signature tools will not work.

What should happen?

• Expanding construct.yaml to allow for vaults to sign packages.
• Allow for other tools to sign binaries, starting with AzureSignTool.

Additional Context

No response

[marcoesters]

Supporting AzureSignTool is a two-pronged project:

• signing_certificate is a file name. It can be overloaded to accept vault as a magic keyword or we create a new key.
• AzureSignTool uses different arguments. If we want to future-proof this, we may want to create a class that can be expanded to add other tools in the future.