mitchellh / gon

Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
MIT License

FR: Support for "deep" codesigning. #30

Open PaulSonOfLars opened 4 years ago

PaulSonOfLars commented 4 years ago

Using gon is a great experience - however, signing .app packages is not. As it stands now, each individual piece of code (binaries, libraries, frameworks) contained in the .app must be manually specified in the "source" config. This leads to wasted iteration cycles of having to manually add each failed item following a failed notarisation when developing on the package.

Now - I don't know if specifying each individual item is considered a feature or not - is this a "we need to be concise", or an oversight?

If the first - would be great to be able to fail-fast at codesign, instead of failing at notarisation (which can take a while). If the second - support for signing entire .app files in one shot would be great. Whether that be by adding support for codesign's --deep flag (not sure if that satisfies this use case), or some logic which is able to find and sign the prerequisites in the correct order.

Thanks for the tool though, it's a great help :)
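The "find the prerequisites in the correct order" logic asked for above, as an added example that is not part of the original thread, not gon's code and not the code in the pull request linked further down. The names `SignOrder` and `isMachO` and the list of bundle extensions are assumptions made for this example; the output is a list of paths, inner items first, that could be pasted into the "source" config or checked before submitting for notarization.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"os"
	"path/filepath"
	"strings"
)

// Leading four bytes of thin (32/64-bit) and fat Mach-O files as stored on disk.
var machoMagics = map[string]bool{"\xce\xfa\xed\xfe": true, "\xcf\xfa\xed\xfe": true, "\xca\xfe\xba\xbe": true}

func isMachO(path string) bool {
	f, err := os.Open(path)
	if err != nil {
		return false
	}
	defer f.Close()
	head := make([]byte, 4)
	_, err = io.ReadFull(f, head) // only the header is read; files under 4 bytes fail here
	return err == nil && machoMagics[string(head)]
}

// SignOrder (a name chosen for this example) lists Mach-O files and bundles under root, inner items first.
func SignOrder(root string) ([]string, error) {
	var items []string
	err := filepath.Walk(root, func(p string, fi os.FileInfo, err error) error {
		if err != nil {
			return err
		}
		ext := filepath.Ext(p) // assumed bundle types: .app, .framework, .bundle
		bundle := fi.IsDir() && (p == root || ext == ".app" || ext == ".framework" || ext == ".bundle")
		if bundle || (fi.Mode().IsRegular() && isMachO(p)) {
			items = append([]string{p}, items...) // Walk visits containers first, so prepend
		}
		return nil
	})
	return items, err
}

func main() {
	for _, app := range os.Args[1:] {
		order, err := SignOrder(app)
		if err != nil {
			log.Fatal(err)
		}
		fmt.Println(strings.Join(order, "\n"))
	}
}
```

The magic bytes `CA FE BA BE` are shared with Java class files, so a bundle that ships `.class` files will list those too. Symlinks (such as `Versions/Current` inside a framework) are neither followed nor listed.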

darkvertex commented 3 years ago

Came here to submit a ticket for this. I have an app made with py2app which bundles a ton of files and the notarization service whined it couldn't accept any non-signed files.

Maybe I can make a PR for this. 🤔

darkvertex commented 3 years ago

Here we go: ✨ https://github.com/mitchellh/gon/pull/42 ✨