Create a windows code signing infrastructure for OpenJS projects

[ryanaslett]

Multiple projects need to have the ability to sign their binaries so that they can run directly on windows.

Currently, Electron and NodeJS each have their own certificate, but those are extremely expensive.

Appium would also like to sign their binaries and we're exploring a process to use the azure trusted code signing mechanism.

[ryanaslett]

Updated the support request today. Lets hope we can figure out why Azure is not sending us validation emails.

[ryanaslett]

@bensternthal I'd like to investigate our side of the email deliverability, do we have any credentials for mailgun for openjsf.org ?

`

There might be something catching spam at that level preventing microsoft from sending the validation emails.

[ryanaslett]

Azure support did not respond to my support request re-open or to the information we have provided.

[ryanaslett]

Azure has been responsive, and now we have some more to go on to help troubleshoot.

I've escalated this to dnsimple hoping to find if they are rejecting the emails from microsoft.

[bensternthal]

1. Azure identity is now setup
2. Now we need to go through configuration and setup so that someone with GHA can connect to trusted signing service
3. Once thats done we can work with folks to test

[bensternthal]

@ryanaslett will pair with @felixrieseberg

[ryanaslett]

Azure Trusted signing is now established and we can use this for both Github Actions signing as well as embedded within Electron-build, and we'll be able to use this for the upcoming NodeJS changes for their signing which has about 70 days left worth of signatures.

I've handed over some secrets to the Appium Developer (Jonathan Lipps) To add to his GHA workflow and he'll let us know if there's any issues.