Notarize Pharo Launcher app so that it is recognized as a trusted app on latest OS X

[demarey]

No description provided.

[demarey]

Bug description

PharoLauncher.app fails to launch on OS X 10.15 and above because the application has not been notarized. Instead of seeing Pharo Launcher, the user is presented with this disconcerting message:

Note that there is no option for the user to override this check and continue. I believe this experience is negative enough to dissuade many casual potential OS X users of Pharo from giving it a try. It's probably also preventing more interested users as well.
PharoLauncher installation itself is ok.

The same problem exists for the VM and is reported here: pharo-project/pharo#9833

Steps to achieve notarization

• Ensure the app is signed with a developer id
• Enable Hardened runtime
  From https://developer.apple.com/documentation/security/hardened_runtime

The Hardened Runtime, along with System Integrity Protection (SIP), protects the runtime integrity of your software by preventing certain classes of exploits, like code injection, dynamically linked library (DLL) hijacking, and process memory space tampering.
This means we must sign with the --options=runtimeoption. But hardened runtime does not allow JIT code so we need, to add entitlements to disable an individual protection.

Automation

To ease the notarization process, we will use the xcnotary tool https://github.com/akeru-inc/xcnotary.
We need to provide the Apple Developer account and a keychain item containing the developer password. It can be setup by using xcrun notarytool store-credentials tool as explained in https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/customizing_the_notarization_workflow#3087734

[demarey]

done