Description
Azure Trusted Signing is the new preferred way to sign Windows apps. There is documentation for using it with Electron here: https://www.electronforge.io/guides/code-signing/code-signing-windows
It works by using a new /dlib option in SignTool.exe. The certificate is not passed in with /f. Instead it is generated by Azure on the fly.
However, when you don't specify a cert, this library will automatically create a dev cert for you: https://github.com/electron-userland/electron-windows-msix/blob/main/src/utils.ts#L232
There is currently no way to disable the dev cert.
When you try to use Azure Trusted Signing, you get an error like this:
SignTool Error: AuthenticodeDigestSignEx implementation is found in the DLL specified by /dlib option.
It is incompatible with /a /ac /c /f /p /i /n /r /s /sm /sha1 /u /uw option.
An easy solution would be to add a config option that explicitly disables the dev cert. Something like createDevCert: false
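A pre-flight check of this kind, as an added example (not code from electron-windows-msix or from the issue author): it decides whether a dev cert should be generated and rejects argument lists that SignTool would refuse alongside /dlib. Every function, interface and parameter name below is hypothetical, the sample argument list is constructed, and case-insensitive option matching is an assumption.

```typescript
// Added example; every name here is hypothetical, not electron-windows-msix API.

// Options SignTool rejects alongside /dlib, copied from the error message above.
const DLIB_INCOMPATIBLE: string[] = [
  "/a", "/ac", "/c", "/f", "/p", "/i", "/n", "/r", "/s", "/sm", "/sha1", "/u", "/uw",
];

// Constructed sample: a /dlib-based argument list with placeholder paths.
const SAMPLE_DLIB_ARGS: string[] = [
  "/v", "/fd", "SHA256", "/td", "SHA256",
  "/dlib", "C:\\placeholder\\signing-dlib.dll",
  "/dmdf", "C:\\placeholder\\metadata.json",
];

interface SigningPlan {
  usesDlib: boolean;      // signing is delegated to a /dlib provider
  createDevCert: boolean; // whether a dev cert should be generated
  conflicts: string[];    // caller-supplied options that /dlib rejects
}

// Decide, before SignTool runs, whether a dev cert is needed.
// `createDevCert` mirrors the opt-out proposed in this issue;
// undefined means "infer from the arguments".
function planSigning(signArgs: string[], createDevCert?: boolean): SigningPlan {
  // Assumption: option names are matched case-insensitively.
  const flags = signArgs.map((a) => a.toLowerCase());
  const has = (f: string): boolean => flags.indexOf(f) !== -1;
  const usesDlib = has("/dlib");
  const conflicts = usesDlib ? DLIB_INCOMPATIBLE.filter(has) : [];
  // An explicit setting wins; otherwise generate only when the caller
  // supplied neither a certificate file (/f) nor a /dlib provider.
  const wantDevCert = createDevCert ?? (!usesDlib && !has("/f"));
  return { usesDlib, createDevCert: wantDevCert, conflicts };
}

// Build the final argument list, failing early with a clear message
// instead of letting SignTool reject the combination.
function buildSignArgs(signArgs: string[], devCertPath: string, createDevCert?: boolean): string[] {
  const plan = planSigning(signArgs, createDevCert);
  if (plan.conflicts.length > 0) {
    throw new Error(`/dlib is incompatible with: ${plan.conflicts.join(" ")}`);
  }
  if (plan.usesDlib && plan.createDevCert) {
    throw new Error("/dlib cannot be combined with a generated dev cert (/f)");
  }
  return plan.createDevCert ? signArgs.concat(["/f", devCertPath]) : signArgs.slice();
}
```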