Inconsistent .js signing verification across platforms when tars include .js files

[ellahathaway]

Currently, tars are only unpacked on Linux and macOS, and .js files are only verified on Windows. This results in a problem where some tars that include .js files are never checked on Linux or macOS, since the .js verification only occurs on Windows. This inconsistency could result in us not detecting unsigned .js files.

To fix this, one of the two things needs to happen:

• Tars should either be unpacked on Windows
• .js files should be verified on both macOS and Linux as well.