Migrate from SignClient to `sign` tool and specify SDK in global.json

[MattKotsenas]

Fixes #42

Switch to the newer dotnet/sign CLI tool. As part of the switch I refactored the YAML file slightly:

1. Add a minimum SDK version in global.json. This helps prevent "works on my machine" issues by ensuring that CI is running a reasonable SDK version. I'm open to suggestions on the rollforward strategy; currently being as permissive as possible
2. Switch the YAML from using a deployment to a regular job; deployments aren't used very commonly and behave a bit differently (i.e. don't clone, automatically download all artifacts, etc.) so using a regular job to be "less magical"
3. Rather than install the sign tool in the CI pipeline, I add it as a dotnet tool; this makes it easier to discover / upgrade versions since that tool is stored with the others

[MattKotsenas]

Example of passing build: https://dev.azure.com/dotnet/Projects/_build/results?buildId=107477&view=results