Notarize macosapp

[1ec5]

Notarize macosapp when packaging a release of the macOS map SDK, so macOS users can more easily open the application without jumping through Gatekeeper hoops.

To do:

• Opt into notarization when using ExportOptions.plist
• Add the Hardened Runtime entitlement to the project
• Set ENABLE_HARDENED_RUNTIME=YES in invocations of xcodebuild in package.sh (as opposed to inside the project, so non–Mapbox team members can continue to build ad-hoc)
• Add a post-archive action to the scheme that exports the application for notarization
• Invoke xcrun altool in package.sh
• Split out a separate make rule that invokes xcrun stapler staple and completes the deployment process, to be run after notarization succeeds

Fixes mapbox/mapbox-gl-native#14753. Reprise of mapbox/mapbox-gl-native#14754.

/cc @mapbox/maps-ios @frederoni

[1ec5]

Set ENABLE_HARDENED_RUNTIME=YES in invocations of xcodebuild in package.sh (as opposed to inside the project, so non–Mapbox team members can continue to build ad-hoc)

I ended up moving this setting to the project. It seems to be possible to build the application ad-hoc with the hardened runtime setting after all.

[1ec5]

I ended up moving this setting to the project. It seems to be possible to build the application ad-hoc with the hardened runtime setting after all.

But then macosapp won’t run in the debugger. So I limited the hardened runtime setting to the Release configuration for now, but I’ll probably go back to setting the build setting in a script once everything is fully automated.

[stale]

This pull request has been automatically detected as stale because it has not had recent activity and will be archived. Thank you for your contributions.