fix(macos): remove entitlements from Go binary signing

Go CLI binaries don't need entitlements like Electron apps do.
The error 'AMFIUnserializeXML: syntax error' occurred because
Electron app entitlements (app-sandbox, allow-jit, camera access)
are not applicable to standalone CLI executables.

CLI tools only need:
- Code signing identity
- Hardened runtime (--options runtime)
- Timestamp for notarization

This is the standard approach for signing Go binaries on macOS.

https://claude.ai/code/session_01U9NtT9hmX68VAbYp5x2Pi1

Author: claude

.github/workflows/release.yml

@@ -350,20 +350,18 @@ jobs:
         run: |
           echo "Signing Go binaries with identity: $CODESIGN_IDENTITY"
 
-          # Sign px binary
+          # Sign px binary (without entitlements - CLI tools don't need them)
           codesign --force \
             --sign "$CODESIGN_IDENTITY" \
             --options runtime \
             --timestamp \
-            --entitlements build/entitlements.mac.plist \
             src-go/px
 
           # Sign px-service binary
           codesign --force \
             --sign "$CODESIGN_IDENTITY" \
             --options runtime \
             --timestamp \
-            --entitlements build/entitlements.mac.plist \
             src-service/px-service
 
           # Verify signatures