@chchwy chchwy commented Aug 21, 2025

Hi all, this PR implements macOS code signing and notarization in the GitHub Action when creating the Pencil2D macOS app.

Issue: #1922

This ensures we meet Apple's security requirements and provide a better user experience, particularly to avoid the very annoying security warning.

This codesign & notarization process requires 6 GitHub Actions secrets to work. I have added them to our repo.

If you don't have them, don't worry: the notarization step will be skipped, and it will just work the same as before.


For anyone who wants to code-sign the app with your own Apple developer account, you need to:

  1. Go to the Apple Developer website and request a "Developer ID Application" certificate
  2. Download and install the certificate to your local Keychain Access
  3. Open Keychain Access and export the private key as a .p12 file, with a custom password
  4. Convert the .p12 file to a Base64 string

And then set the following GitHub Actions secrets:

  1. P12_BASE64: the private key base64 text you just exported above
  2. P12_PASSWORD: the custom password you set when you exported the .p12 private key
  3. APPLE_ID: your Apple Developer account email
  4. APPLE_ID_PASSWORD: This is the "App-specific password", not the password you use to log into your Apple Developer account. Please request one on the developer website.
  5. APPLE_TEAM_ID: type the security command below to find it
  6. CODESIGN_CERT_IDENTITY: type the security command below to find it

    security find-identity -v -p codesigning

It will print out something like this:

    1) YOUR_CERTIFICATE_IDENTITY "Developer ID Application: Your-Name (TEAM_ID)"
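
The flow described in the comment above, as an added example that is not the workflow script from this PR: skip when any of the six secrets is missing, otherwise import the .p12 into a throwaway keychain, sign, notarize and staple. The function names, the temporary keychain name and passing the .app path as the first argument are assumptions, and it assumes a macOS runner with any nested frameworks already signed.

```shell
# Added example (hypothetical CI step, not Pencil2D's workflow script).
set -eu

REQUIRED_SECRETS="P12_BASE64 P12_PASSWORD APPLE_ID APPLE_ID_PASSWORD APPLE_TEAM_ID CODESIGN_CERT_IDENTITY"

# Print the names (never the values) of secrets that are unset or empty.
# GitHub Actions expands an undefined secret to "", so empty counts as missing.
missing_secrets() {
  missing=""
  for name in $REQUIRED_SECRETS; do
    eval "value=\${$name:-}"   # safe: $name only comes from the fixed list above
    [ -n "$value" ] || missing="$missing $name"
  done
  echo "${missing# }"
}

# Sign, notarize and staple the bundle given as $1 (macOS runner only).
sign_and_notarize() {
  app="$1"
  work="$(mktemp -d)"; kc="$work/ci-signing.keychain-db"
  kc_pass="$(openssl rand -hex 24)"   # throwaway password for the temporary keychain
  # Remove the key material when the script exits, even if a step fails.
  trap "security delete-keychain '$kc' 2>/dev/null || true; rm -rf '$work'" EXIT
  (umask 077; printf '%s' "$P12_BASE64" | base64 --decode > "$work/cert.p12")
  security create-keychain -p "$kc_pass" "$kc"
  security set-keychain-settings -lut 1800 "$kc"
  security unlock-keychain -p "$kc_pass" "$kc"
  security import "$work/cert.p12" -k "$kc" -P "$P12_PASSWORD" -T /usr/bin/codesign
  security set-key-partition-list -S apple-tool:,apple: -s -k "$kc_pass" "$kc" >/dev/null
  security list-keychains -d user -s "$kc"

  # Hardened runtime and a secure timestamp are both required for notarization.
  codesign --force --options runtime --timestamp --sign "$CODESIGN_CERT_IDENTITY" "$app"
  codesign --verify --strict --verbose=2 "$app"
  ditto -c -k --keepParent "$app" "$work/app.zip"
  xcrun notarytool submit "$work/app.zip" --apple-id "$APPLE_ID" \
    --password "$APPLE_ID_PASSWORD" --team-id "$APPLE_TEAM_ID" --wait
  xcrun stapler staple "$app"
}

if [ "$#" -gt 0 ]; then
  missing="$(missing_secrets)"
  if [ -n "$missing" ]; then
    echo "Skipping code signing and notarization; unset secrets: $missing"
  else
    sign_and_notarize "$1"
  fi
fi
```

Only the names of missing secrets are ever printed, and the decoded .p12 is written with a restrictive umask inside a directory that the exit trap deletes.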


@MrStevns MrStevns left a comment


From my own experience signing apps, it should be possible to simplify the codesign scripting parts a bit but aside from that, the setup looks good to me.

@github-project-automation github-project-automation bot moved this from Needs Review to Approved in Pull Request Priority Aug 25, 2025
@chchwy chchwy force-pushed the feat/mac-notarize branch from a1744cc to b524ba0 Compare August 27, 2025 16:14
@chchwy chchwy force-pushed the feat/mac-notarize branch from b524ba0 to 54e2d87 Compare August 27, 2025 16:30

chchwy commented Aug 27, 2025

Thank you @MrStevns for reviewing my PR. I am going to merge it.

@chchwy chchwy merged commit 8705898 into pencil2d:release/0.7.1 Aug 27, 2025
8 checks passed
@github-project-automation github-project-automation bot moved this from Approved to Merged in Pull Request Priority Aug 27, 2025
chchwy added a commit to chchwy/pencil2d that referenced this pull request Aug 27, 2025