eclipse-cbi / org.eclipse.cbi

CBI Maven plugins and Webservices
https://eclipse-cbi.github.io/org.eclipse.cbi/
Eclipse Public License 2.0

feat: use jsign and Google KMS for authenticode signing #502

Closed netomi closed 2 months ago

netomi commented 2 months ago

This fixes #499 and #476.

It applies similar changes as for the jar signing service to the Windows signing service as well. Instead of calling an external program, we can utilize the jsign core library to sign Windows executables in pure Java code.

The deployment descriptor needs to be updated and we should generate the final certificate chain from individual certificates as it was done previously. This applies to the jar signing service as well.

The change keeps the old mechanism to use osslsigncode in place and makes it possible to switch the actual implementation based on the provided configuration.

fyi: @ebourg

netomi commented 2 months ago

updated the deployment descriptor for the windows signing service.

At the same time I generalized the keystore injection for KMS-based deployments, adapting the jar signer configurations. Now it's much cleaner than before and utilizes the cert chain generation that was already in place, outputting the expiration of the certificate while deploying for additional monitoring.

The staging version of the windows signing service is already deployed and the monitoring job is successful. Once that PR is merged, I will deploy the production version as well.

Btw, I changed the deployment descriptors slightly to also have separate secrets for production and staging services. That way you can use different keys / certificates for the different stages and they also do not affect each other anymore.
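To illustrate what the two comments above describe (signing a Windows executable with the jsign core API against a key held in Google Cloud KMS, assembling the certificate chain from individual certificates, and printing the certificate expiration for monitoring), here is an added example. It is not code from this PR or from the CBI project; the KMS resource name, key alias, PEM file names and access-token environment variable are placeholders, and it assumes the jsign 5.x API (KeyStoreBuilder, KeyStoreType.GOOGLECLOUD, AuthenticodeSigner, Signable).

```java
// Added example, not CBI project code. Signs a PE file with jsign using a
// Google Cloud KMS key and a PEM chain built from individual certificates,
// and reports how long the leaf certificate remains valid.
//
// Placeholders (assumptions): KMS key ring resource, key alias, PEM file
// names, GOOGLE_ACCESS_TOKEN environment variable.
import net.jsign.AuthenticodeSigner;
import net.jsign.DigestAlgorithm;
import net.jsign.KeyStoreBuilder;
import net.jsign.KeyStoreType;
import net.jsign.Signable;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;

public class KmsAuthenticodeSign {

    /** Concatenates individual PEM certificates (leaf first, then intermediates, then root) into one chain file. */
    static File buildChain(File out, File... certs) throws Exception {
        try (OutputStream os = new FileOutputStream(out)) {
            for (File cert : certs) {
                Files.copy(cert.toPath(), os);
                os.write('\n'); // keep PEM blocks separated even if a file lacks a trailing newline
            }
        }
        return out;
    }

    /** Parses the chain and returns the remaining validity of the leaf (signing) certificate. */
    static Duration timeToExpiry(File chain) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(chain)) {
            // generateCertificates preserves file order, so the first entry is the leaf
            X509Certificate leaf = (X509Certificate) cf.generateCertificates(in).iterator().next();
            return Duration.between(Instant.now(), leaf.getNotAfter().toInstant());
        }
    }

    public static void main(String[] args) throws Exception {
        File chain = buildChain(new File("chain.pem"),
                new File("signing-cert.pem"), new File("intermediate.pem"), new File("root.pem"));

        // Emit the expiration at deploy time so a monitoring job can alert before it lapses.
        Duration left = timeToExpiry(chain);
        System.out.println("signing certificate expires in " + left.toDays() + " days");
        if (left.isNegative()) {
            throw new IllegalStateException("signing certificate has expired");
        }

        // The private key never leaves KMS: jsign needs only the key ring resource,
        // an OAuth access token and the public certificate chain.
        KeyStore keystore = new KeyStoreBuilder()
                .storetype(KeyStoreType.GOOGLECLOUD)
                .keystore("projects/my-project/locations/global/keyRings/my-ring") // placeholder
                .storepass(System.getenv("GOOGLE_ACCESS_TOKEN"))                    // placeholder
                .certfile(chain)
                .build();

        // Alias is the KMS key name with an optional version (placeholder value).
        AuthenticodeSigner signer = new AuthenticodeSigner(keystore, "my-key/cryptoKeyVersions/1", null)
                .withDigestAlgorithm(DigestAlgorithm.SHA256)
                .withTimestamping(true);

        // args[0]: path to the .exe/.dll/.msi to sign in place
        signer.sign(Signable.of(new File(args[0])));
    }
}
```

Keeping separate `chain.pem` and token secrets per stage, as the comment above describes, means a staging deployment of this code cannot sign with the production certificate even if the key alias is misconfigured.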

netomi commented 2 months ago

Had to add a log4j-to-slf4j adapter, as adding jsign as a dependency pulls in some other dependencies that use the log4j2 API for logging.