Add codesigned and notarized MacOS packages #14135
Description
Apple has sharpened security, it seems, and it is no longer possible (or practical) to open unsigned/un-notarized binaries.
So, at this point, I think we either need to remove them or do it properly. We do this for the MacOS packages in https://github.com/gohugoio/hugoreleaser -- so I have the building blocks in place.
Alternatively we just let Brew handle it ... Which is tempting.
But note this: