feat(cli): add macos hardened runtime signing config option #9318

Merged

Contributor

@thewh1teagle thewh1teagle commented Mar 31, 2024

On macOS, when building a dmg with an ad-hoc signature, and the app depends on Frameworks (dynamic shared libraries, dylib files), they won't load and the app will crash with an error message box.

I found that if we disable the signing flag in the macOS bundler passed from tauri-cli, it won't crash.
The flag that is passed is --option runtime in tooling/bundler/src/bundle/macos/sign.rs#L210

crash log
Termination Reason:    Namespace DYLD, Code 1 Library missing
Library not loaded: @rpath/libavcodec.60.dylib
Referenced from: <D007FD2C-8AD0-336A-944D-C186621D1CEF> /Volumes/VOLUME/vibe.app/Contents/MacOS/vibe
Reason: tried: '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' (code signature in <BEFA8967-6321-3361-9151-FF5EE424F751> '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs), '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' (code signature in <BEFA8967-6321-3361-9151-FF5EE424F751> '/Volumes/vibe/vibe.app/Contents/Frameworks/libavcodec.60.dylib' not valid for use in process: mapping process and mapped file (non-platform) have different Team IDs)
(terminated at launch; ignore backtrace)

man codesign
     -o, --options flag,...
             During signing, specifies a set of option flags to be embedded in
             the code signature. The value takes the form of a comma-separated
             list of names (with no spaces). Alternatively, a numeric value
             can be used to directly specify the option mask (CodeDirectory
             flag word). See OPTION FLAGS below.

Flags:
             runtime              Preserve the hardened runtime version (-o
                                  runtime flag, --runtime-version option)
                                  instead of overriding or deriving the
                                  version.

This PR introduces a way to control the flag through tauri.conf.json:

  "bundle": {
    "macOS": {
      "signingIdentity": "-",
      "hardenedRuntime": false
    }
  }

I believe that the macOS bundling process needs to be much more flexible.
Currently I have no other option to control the final signing of the app, and tauri enforces this runtime flag; as a result the final binary can't run and I can't publish it for macOS (arm).

Meanwhile, for testing the app, it's possible to re-sign it:

codesign --force --deep -s "-" /Applications/vibe.app
hdiutil create -format UDZO -srcfolder some_app.app signed.dmg
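
An added example, not code from this pull request or from the tauri bundler: one way a `hardenedRuntime` option can gate `--options runtime` on the codesign call, with a pre-flight warning for the ad-hoc plus bundled-dylib combination described above and a matcher for the dyld message in the crash log. The struct, field and function names are hypothetical.

```rust
// Added example: names below are hypothetical, not the tauri bundler's API.

/// Mirrors the two `bundle.macOS` keys shown in the PR description.
pub struct MacSigning {
    pub signing_identity: String, // "-" selects an ad-hoc signature
    pub hardened_runtime: bool,
}

impl Default for MacSigning {
    fn default() -> Self {
        // Identity is a constructed sample; `true` follows the PR's commit message.
        MacSigning { signing_identity: "-".to_string(), hardened_runtime: true }
    }
}

/// Arguments for one `codesign` call; `--options runtime` only when enabled.
pub fn codesign_args(cfg: &MacSigning, path: &str) -> Vec<String> {
    let mut args: Vec<String> = vec!["--force".into(), "-s".into(), cfg.signing_identity.clone()];
    if cfg.hardened_runtime {
        args.push("--options".into());
        args.push("runtime".into());
    }
    args.push(path.to_string());
    args
}

/// Warn before bundling when the combination reported in this PR is configured.
pub fn preflight(cfg: &MacSigning, bundled_dylibs: &[&str]) -> Option<String> {
    if cfg.hardened_runtime && cfg.signing_identity == "-" && !bundled_dylibs.is_empty() {
        return Some(format!(
            "ad-hoc identity with hardened runtime and {} bundled dylib(s): dyld may reject them (Team ID check)",
            bundled_dylibs.len()
        ));
    }
    None
}

/// Recognise the dyld rejection quoted in the crash log.
pub fn is_team_id_mismatch(crash_log: &str) -> bool {
    crash_log.contains("Library not loaded") && crash_log.contains("have different Team IDs")
}

fn main() {
    let cfg = MacSigning::default();
    println!("codesign {}", codesign_args(&cfg, "vibe.app").join(" "));
    if let Some(w) = preflight(&cfg, &["libavcodec.60.dylib"]) {
        println!("warning: {}", w);
    }
}
```

Keeping the option at its default leaves the hardened runtime flag in the signature; setting it to false matches the ad-hoc local-testing case the description covers.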

@thewh1teagle thewh1teagle requested a review from a team as a code owner March 31, 2024 21:04
@lucasfernog lucasfernog changed the title feat(cli): add macos signing config option feat(cli): add macos hardened runtime signing config option Apr 2, 2024
@thewh1teagle
Contributor Author

Just a gentle reminder: I'm currently unable to test my app build locally due to the damaged dmg release caused by the default hardened option. It's impacting my development process. Any chance we could prioritize merging the PR? Appreciate your attention to this matter!

Member

@FabianLars FabianLars left a comment


Thanks, just some smaller things and then it's good to go :)

@thewh1teagle
Contributor Author

Thanks for the review : - )
Edited as suggested

@FabianLars FabianLars merged commit 656a649 into tauri-apps:dev Jun 5, 2024
33 checks passed
pewsheen pushed a commit to pewsheen/tauri that referenced this pull request Jun 13, 2024
…ps#9318)

* feat(cli): add macos signing config option

* rename option to hardened_runtime

* chore(cli): use default true in hardened runtime config

---------

Co-authored-by: Lucas Nogueira <lucas@tauri.app>
FabianLars added a commit that referenced this pull request Jul 4, 2024
amrbashir pushed a commit that referenced this pull request Jul 8, 2024
…10199)
