Code sign pr binaries on macOS

[davidanthoff]

Fixes #1000.

• Make sure we only code sign executable files
• Add a prompt that gets user-consent every time we code-sign. I think it is ok that we ask every time we code sign, i.e. even on update. But we might have to distinguish interactive mode from when juliaup is run from a script or something, when we shouldn't prompt but just fail, I guess. And presumably add a command line flag that allows one to opt-in to code signing...
• Add tests

[davidanthoff]

@IanButterworth could you give this a try? And maybe you know what we need to check for with the return value from mode() to really just target the executable files?

[IanButterworth]

As demonstrated in #1000 (comment) locally codesigning causes all stdlib pkgimages to be invalidated, meaning the user will hit precompilation for stdlibs, which will go into the user depot, which I believe creates non-ideal cache loading state. If we do want to do this, then we'd need to also employ the post-codesign fix that julia CD does by updating the hash in the .ji files too.

https://github.com/JuliaCI/julia-buildkite/blob/32243903bbc9e282da801d6160e6ee1009e6d0a4/utilities/upload_julia.sh#L42

[davidanthoff]

Oh gee, this all feels very brittle... But ok. Probably best if we re-implement that hash-update functionality in Rust? It doesn't look too complicated... I think we can't assume that we have a functioning Julia available at the point in time when we need to make this change.

I should say, I'll probably leave this to someone else to finish :)

[IanButterworth]

FWIW, I'm not that someone else. To re-write that .jl header update in rust, we'd need to keep rust up to date with the .ji format.. which is purely internal, so prone to change.