Add flag and tests for codesigning single-file bundles targeting MacOS

[jtschuster]

This shouldn't change any behavior (the default for the Bundler was to sign on MacOS), but adds a test to ensure the single file binary is signed when published for osx, and that users can opt out of codesigning.

[Copilot]

Pull Request Overview

This PR introduces a toggle for MacOS code signing in single-file bundles, updates the bundler tasks to honor the new flag, and adds tests to verify both the presence of the Mach-O signature and the ability to opt out of signing.

• Added MachOSignature test utility for checking Mach-O code signature load commands and validity.
• Extended the MSBuild GenerateBundle task with an EnableMacOsCodeSign parameter and wired it through the .targets file.
• Added and updated tests in the Publish and Build test suites to cover signing and opt-out scenarios on macOS.

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
test/Microsoft.NET.TestFramework/Utilities/MachOSignature.cs	New utility to detect and verify Mach-O signatures in binaries.
test/Microsoft.NET.Publish.Tests/GivenThatWeWantToPublishASingleFileApp.cs	Added theory data and assertions for code-signing opt-in/out on macOS.
test/Microsoft.NET.Build.Tests/AppHostTests.cs	Updated build tests to use the new MachOSignature helper.
src/Tasks/Microsoft.NET.Build.Tasks/targets/Microsoft.NET.Publish.targets	Passed new EnableMacOSCodeSign MSBuild property to GenerateBundle.
src/Tasks/Microsoft.NET.Build.Tasks/GenerateBundle.cs	Introduced EnableMacOsCodeSign task property and forwarded it to the bundler.

Comments suppressed due to low confidence (4)

src/Tasks/Microsoft.NET.Build.Tasks/GenerateBundle.cs:33

• [nitpick] For consistency with the MSBuild property _EnableMacOSCodeSign, consider renaming EnableMacOsCodeSign to EnableMacOSCodeSign to match casing.

        public bool EnableMacOsCodeSign { get; set; } = true;

test/Microsoft.NET.TestFramework/Utilities/MachOSignature.cs:6

• Add using System.IO; and using Xunit.Abstractions; so that FileInfo and ITestOutputHelper resolve correctly.

using System.Diagnostics;

test/Microsoft.NET.TestFramework/Utilities/MachOSignature.cs:39

• The variable name reverseEndinanness is misspelled; it should be reverseEndianness.

                bool reverseEndinanness = BitConverter.ToUInt32(eightByteBuffer.Slice(0, 4)) switch

test/Microsoft.NET.Build.Tests/AppHostTests.cs:149

• The MachOSignature class is referenced here but its namespace isn't imported; add using Microsoft.NET.TestFramework.Utilities; at the top of the file.

            MachOSignature.HasMachOSignatureLoadCommand(new FileInfo(appHostFullPath)).Should().Be(shouldSign, $"The app host should {(shouldSign ? "" : "not ")}have a Mach-O signature load command.");