Fix notarization after latest Apple changes

[ilpianista]

Notarization from the fleetctl-docker image is broken actually:

fleetctl package --type=pkg --fleet-url=myurl --enroll-secret=mysecret --macos-devid-pem-content=XYZ --notarize --app-store-connect-api-key-id=XYZ --app-store-connect-api-key-issuer=XYZ --app-store-connect-api-key-content=XYZ
[..]
transporter error> Package Summary:
transporter error>  
transporter error> 1 package(s) were not uploaded because they had problems:
transporter error> 	/tmp/apple-codesign-QAsKT8/17081d03-fdc8-46cd-873a-2970f7be9c7c.itmsp - Error Messages:
transporter error> 		Notarization of MacOS applications using altool has been decommissioned. Please use notarytool. See: https://developer.apple.com/documentation/technotes/tn3147-migrating-to-the-latest-notarization-tool (4200)
transporter error> [2024-11-15 13:35:47 UTC] <main> DBG-X: Returning 1
Error: I/O error: command ["/usr/local/bin/iTMSTransporter", "-m", "upload", "-apiIssuer", "XYZ", "-apiKey", "XYZ", "-f", "/tmp/apple-codesign-QAsKT8/17081d03-fdc8-46cd-873a-2970f7be9c7c.itmsp", "-vp", "json"] exited with code 1

Error: rcodesign notarize: exit status 1

Luckily, bumping rcodesign version is enough to make it work again.

Checklist for submitter

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.
• Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements)
• Added support on fleet's osquery simulator cmd/osquery-perf for new osquery data ingestion features.
• Added/updated tests
• If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes
• If database migrations are included, checked table schema to confirm autoupdate
• For database migrations:
  • Checked schema for all modified table for columns that will auto-update timestamps during migration.
  • Confirmed that updating the timestamps is acceptable, and will not cause unwanted side effects.
  • Ensured the correct collation is explicitly set for character columns (COLLATE utf8mb4_unicode_ci).
• Manual QA for all new/changed functionality
• For Orbit and Fleet Desktop changes:
  • Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (runtime.GOOS).
  • Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
  • Auto-update manual QA, from released version of component to new version (see tools/tuf/test).

[lucasmrod]

Opened #23895 to track this issue.

[lucasmrod]

Looks good!

I've created #23895 to track the issue.
We'll merge it once we can reproduce on our end and test the fix.

[lukeheath]

Converted this to draft until it reproduced and we're ready to merge.

[lukeheath]

@lukeheath TODO: Look into getting a developer ID we can use for testing so we can QA this change.

[lucasmrod]

LGTM!