release: update Linux, macOS, and Windows signing (#1431)

This PR migrates GCM's Linux, macOS, and Windows signing workflows off
the ESRP service. This means:

1. Updating the Linux components to sign with a GPG key.
2. Updating macOS components to sign/notarize using Application and
Installer certificates (see this series [1] for details).
3. Updating Windows components to sign using the Azure Code Signing
service.

**Note:** This PR does not include updates to migrate the .NET tool
package signing off ESRP for two reasons:

1. The Azure Code Signing service does not yet support NuGet package
signing. We are hopeful this will be our solution in the future, though.
2. HSM requirements for Code Signing certificate storage [2].

An example run of release workflow with these changes can be found here [3].

1: https://developer.apple.com/forums/thread/701514
2: https://knowledge.digicert.com/generalinformation/new-private-key-storage-requirement-for-standard-code-signing-certificates-november-2022.html
3: https://github.com/ldennington/git-credential-manager/actions/runs/6543297870

Author: ldennington

.github/set_up_esrp.ps1

@@ -1,5 +1,5 @@
 # Install ESRP client
-az storage blob download --file esrp.zip --auth-mode login --account-name esrpsigningstorage --container signing-resources --name microsoft.esrpclient.1.2.76.nupkg
+az storage blob download --file esrp.zip --auth-mode login --account-name $env:AZURE_STORAGE_ACCOUNT --container $env:AZURE_STORAGE_CONTAINER --name $env:ESRP_TOOL
 Expand-Archive -Path esrp.zip -DestinationPath .\esrp
 
 # Install certificates