Upgrade Sparkle to support hardened runtime signing, sign additional Sparkle binaries #6572

Closed
mbacchi opened this issue Oct 21, 2019 · 3 comments · Fixed by brave/brave-core#4456

Comments

@mbacchi
Contributor

mbacchi commented Oct 21, 2019

Description

After notarization has been completed (PR 5485 & PR 3725 currently awaiting review), Sparkle must be updated in order to add hardened runtime support. This was shelved during the notarization work for expediency, because this is not enforced by Apple until January 2020, but needs to be completed fairly soon.

We need both to update to the version of Sparkle that supports hardened runtime and to sign some additional binaries that are part of Sparkle in our package (brave/Sparkle#7).

@kjozwiak
Member

kjozwiak commented Feb 4, 2020

@mbacchi is there anything in particular that QA needs to run through for this PR? Assuming this is macOS only? Do we basically need to make sure that the builds are being installed/updated without any issues?

@mbacchi
Contributor Author

mbacchi commented Feb 4, 2020

Yes, if you could just verify it installs and runs successfully on macOS Catalina, it would indicate that notarization is working correctly. Thanks!

@kjozwiak
Member

kjozwiak commented Feb 4, 2020

Verification PASSED on macOS Catalina 10.15.3 x64 using the following build:

Brave 1.3.110 Chromium: 80.0.3987.78 (Official Build) (64-bit)
Revision cb5aa81cb0a3a2c674b93bc7ffb34a86cd3b4802-refs/branch-heads/3987@{#752}
OS macOS Version 10.15.3 (Build 19D76)
  • ensured that Brave launches without any issues on a clean profile
  • ensured that the Widevine component was downloaded/works as expected
    • verified that Netflix, YT and Disney+ all work (after several restarts as well)
  • ensured upgrading from 1.2.43 CR: 79.0.3945.130 --> 1.3.110 CR: 80.0.3987.78 using the test channel worked as expected
    • ensured that restarting Brave several times after upgrading didn't cause any issues

Double checked that the application is notarized via:

kjozwiak@Kamils-MBP ~ % spctl --assess --verbose /Applications/Brave\ Browser.app
/Applications/Brave Browser.app: accepted
source=Notarized Developer ID
kjozwiak@Kamils-MBP ~ % stapler validate ~/Downloads/Brave-Browser.dmg
Processing: /Users/kjozwiak/Downloads/Brave-Browser.dmg
The validate action worked!
kjozwiak@Kamils-MBP ~ % stapler validate ~/Downloads/Brave-Browser.pkg
Processing: /Users/kjozwiak/Downloads/Brave-Browser.pkg
The validate action worked!

Verification PASSED on macOS Mojave 10.14.6 x64 using the following build:

Brave 1.3.110 Chromium: 80.0.3987.78 (Official Build) (64-bit)
Revision cb5aa81cb0a3a2c674b93bc7ffb34a86cd3b4802-refs/branch-heads/3987@{#752}
OS macOS Version 10.14.6 (Build 18G103)
  • ensured that Brave launches without any issues on a clean profile
  • ensured that the Widevine component was downloaded/works as expected (utilized Netflix for this check)
  • ensured upgrading from 1.2.43 CR: 79.0.3945.130 --> 1.3.110 CR: 80.0.3987.78 using the test channel worked as expected
    • ensured that restarting Brave several times after upgrading didn't cause any issues

Double checked that the application is notarized via:

Laurens-MacBook-Pro-2:~ lauren$ spctl --assess --verbose /Applications/Brave\ Browser.app 
/Applications/Brave Browser.app: accepted
source=Notarized Developer ID
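
The issue asks for hardened runtime signing of Sparkle's nested binaries, while the checks above assess the app bundle and the stapled containers. As an added example (not from this thread or from the Brave or Sparkle projects), this script lists Mach-O executables inside a bundle whose `codesign` CodeDirectory flags do not include `runtime`; the function names, the `Example.app` paths and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample codesign output below is constructed.
SAMPLE_HARDENED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
CodeDirectory v=20500 size=1024 flags=0x10000(runtime) hashes=24+5 location=embedded'
SAMPLE_PLAIN='Executable=/Applications/Example.app/Contents/MacOS/helper
Identifier=com.example.helper
CodeDirectory v=20400 size=512 flags=0x0(none) hashes=10+3 location=embedded'

# Read `codesign --display --verbose` output on stdin. Succeeds only if the
# CodeDirectory line lists "runtime" among its flags.
has_hardened_runtime() {
    awk '
        /^CodeDirectory / {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^flags=/) continue
                names = $i
                sub(/^[^(]*\(/, "", names)   # strip leading "flags=0x...("
                sub(/\).*$/, "", names)      # strip trailing ")"
                n = split(names, flag, ",")
                for (j = 1; j <= n; j++)
                    if (flag[j] == "runtime") found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Print each Mach-O executable under bundle $1 that lacks the runtime flag.
# Needs macOS tools (`file`, `codesign`); codesign writes details to stderr.
list_unhardened() {
    find "$1" -type f | while IFS= read -r f; do
        file -b "$f" | grep -q 'Mach-O.*executable' || continue
        codesign --display --verbose=4 "$f" 2>&1 | has_hardened_runtime ||
            printf '%s\n' "$f"
    done
}

# Usage: sh check_runtime.sh "/Applications/Example.app"
if [ "$#" -gt 0 ]; then
    list_unhardened "$1"
fi
```

Empty output means every executable found in the bundle carries the `runtime` flag; any path printed is a binary that still needs to be re-signed with the hardened runtime option.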
