opentofu / get.opentofu.org

The website hosting the OpenTofu Installer script and installation resources
Apache License 2.0

Code signing for scripts #7

Open janosdebugs opened 6 months ago

janosdebugs commented 6 months ago

It would be good if the installer scripts were signed via cosign/GPG/signing certificate.

This is currently a low priority issue, please thumbs up this issue if it is important to you.

namgyalangmo commented 4 months ago

@janosdebugs I would like to give this a shot!

janosdebugs commented 4 months ago

@namgyalangmo I've assigned you, but there are a few things to note; feel free to drop the issue:

  1. We currently do not have code signing certificates for Windows, so that can currently not be done. The PowerShell script is therefore out of scope for now.
  2. We also don't have an Apple developer account to use for notarization, so the Apple-specific tools can, unfortunately, not be used.
  3. The .sh code can currently be signed via GPG and cosign. I would recommend starting with GPG. The signature files can be published detached, or could be attached at the end of the file after an exit command. However, this behavior must be tested with all shells we support. Please familiarize yourself with how the tests for the scripts work and how to run them before you begin your work.
  4. The script should have an option to verify the integrity of itself based on the GPG or cosign signature. However, there should also be an option to verify another file explicitly since people may want to download an updated script and then use the old script to verify the new script.
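
One way the attached-signature option in items 3 and 4 above could work, as an added example that is not code from the OpenTofu project or from the commenter. It assumes an ASCII-armored detached GPG signature appended after the script's final `exit`; `split_signed_script`, `verify_signed_script` and `EXPECTED_FPR` are hypothetical names.

```shell
#!/bin/sh
# Added example. Assumed layout of a signed script (constructed, not the project's):
#   <script body, ending in "exit ...">
#   -----BEGIN PGP SIGNATURE-----      <- armored detached signature of the body
#   ...
#   -----END PGP SIGNATURE-----
SIG_BEGIN='-----BEGIN PGP SIGNATURE-----'

# Split FILE at the first line that is exactly the armor header.
# Lines before it go to PAYLOAD (the signed bytes), the rest to SIG.
# Returns 1 if no such line exists, so unsigned files fail closed.
split_signed_script() {
    : > "$2" && : > "$3" || return 2
    awk -v m="$SIG_BEGIN" -v p="$2" -v s="$3" '
        $0 == m { found = 1 }
        { print > (found ? s : p) }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Verify FILE (default: the running script, "$0"). Passing a path covers the
# "use the old script to check a newly downloaded one" case.
# EXPECTED_FPR is a hypothetical variable: the caller sets it to the full
# fingerprint of the key that made the signature.
verify_signed_script() {
    vs_file=${1:-$0}
    vs_tmp=$(mktemp -d) || return 2
    if ! split_signed_script "$vs_file" "$vs_tmp/payload" "$vs_tmp/sig"; then
        echo "no attached signature found in $vs_file" >&2
        vs_rc=1
    elif [ -z "${EXPECTED_FPR:-}" ]; then
        echo "EXPECTED_FPR is not set" >&2
        vs_rc=2
    else
        # VALIDSIG is only emitted for a cryptographically good signature;
        # matching the fingerprint rejects good signatures from other keys.
        gpg --status-fd 1 --verify "$vs_tmp/sig" "$vs_tmp/payload" 2>/dev/null |
            grep -q "^\[GNUPG:\] VALIDSIG $EXPECTED_FPR "
        vs_rc=$?
    fi
    rm -rf "$vs_tmp"
    return "$vs_rc"
}
```

A file in this layout can be produced by running `gpg --armor --detach-sign script.sh` (a placeholder file name) and appending the resulting `script.sh.asc` to a copy of the script. Whether a given shell stops reading at `exit` and never parses the appended armor is the behavior the comment above says must be tested per shell.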

namgyalangmo commented 4 months ago

I am new to shell scripting, so this might be a bigger undertaking than I had hoped for. I will unassign myself for now but will come back to it if I come up with an approach.