feat: Allow @electron/windows-sign to take over Squirrel codesigning

[felixrieseberg]

This PR enables @electron/windows-sign to "hijack" codesigning within Squirrel. It does so by using @electron/windows-sign's ability to create a custom signtool.exe that's actually a "single executable application" built with Node.js, calling @electron/windows-sign underneath.

This, in turn, allows developers to customize their codesigning pipelines - with custom tools, scripts, and even per-file configurations. Now that Windows will only accept EV Codesigning certificates, many developers are faced with codesigning scenarios that are more complex - involving custom tooling, cloud-based solutions, and other shenanigans.

For details on how this all works underneath the hood, check out https://github.com/electron/windows-sign/commit/8b23eaa900b4ca0905699b4fa17ca22246624fdf

Decision to not make this a breaking change

• @electron/windows-installer only requires Node.js >= 8.0.0.
• @electron/windows-sign requires Node.js >= 16.0.0.
• @electron/windows-sign's "fake signtool.exe" feature requires Node.js >= 18.0.0, the first version to contain the "single executable" feature.
• Since this is overall a very niche feature and only benefits consumers with rather advanced codesigning needs, I did not want to make Node.js v18 a hard requirement for @electron/windows-installer. Instead, @electron/windows-sign is an optional dependency - and if it didn't install, we'll throw a useful error only if people are trying to use the new windowsSign parameter.

[anaisbetts]

Seems reasonable to me, it is important that Squirrel invoke signtool.exe (i.e. rather than trying to run Squirrel without signing then signing the EXE file after-the-fact) or else certain files will end up not signed correctly like the generated stub files that Squirrel makes

[continuous-auth[bot]]

:tada: This PR is included in version 5.3.0 :tada:

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot :package::rocket: