Sign agent binary for Windows

[pkukielka]

We need to sign agent binary and possibly also our plugin in the JetBrains Marketplace. Signing agent have the priority.

Currently agent is build using npm pkg We are building for the following architectures:

• latest-linux-arm64
• latest-linux-x64
• latest-macos-arm64
• latest-macos-x64
• latest-win-x

And documentations says about signing:

If you want to generate executable for different architectures, note that by default pkg has to run the executable of the target arch to generate bytecodes:

Linux: configure binfmt with QEMU. macOS: possible to build x64 on arm64 with Rosetta 2 but not opposite. Windows: possible to build x64 on arm64 with x64 emulation but not opposite. or, disable bytecode generation with --no-bytecode --public-packages "*" --public. macos-arm64 is experimental. Be careful about the mandatory code signing requirement. The final executable has to be signed (ad-hoc signature is sufficient) with codesign utility of macOS (or ldid utility on Linux). Otherwise, the executable will be killed by kernel and the end-user has no way to permit it to run at all. pkg tries to ad-hoc sign the final executable. If necessary, you can replace this signature with your own trusted Apple Developer ID.

To be able to generate executables for all supported architectures and platforms, run pkg on a Linux host with binfmt (QEMU emulation) configured and ldid installed.

[pkukielka]

I asked for help our dev-infra tema: https://github.com/sourcegraph/devx-support/issues/668