feat: Externalize desktop macOS signing configuration

- Move macOS signing and notarization settings from `app/desktop/build.gradle.kts` to a new `gradle/common-desktop-mac-sign-conf.gradle` script.
- Introduce a `keystore.properties` file in the `app/desktop` directory to hold signing and notarization values.
- Update GitHub Actions scripts (`decrypt_secret.sh`, `encrypt_secret.sh`, `check_secret_integrity.sh`) to manage the new `desktop.keystore.properties.gpg` secret.
- Rename the encrypted Android keystore from `keystore.properties.gpg` to `android.keystore.properties.gpg` for clarity.

Author: softartdev

.github/scripts/check_secret_integrity.sh

@@ -11,3 +11,5 @@ echo "7b9f841129997ddb098e03dd7099a3341dbfa012c31e4cb465b92ddd476cca7a  ./app/io
 echo "e36a29b3964c8bd90030f93ac986a39510185df582a783f1b946e6127a005e38  ./app/iosApp/fastlane/ios_distribution.p12" | sha256sum -c -
 
 echo "4fb66d6fbe9fc4a544303e6e516da2ee3314187e28fc5aacb9631f9b42b511b0  ./app/iosApp/fastlane/NoteDelight_Distribution_Profile.mobileprovision" | sha256sum -c -
+
+echo "5439f53423060953d110cb3217e089b23da20aa7559e80b32767184f2516bba0  ./app/desktop/keystore.properties" | sha256sum -c -

.github/scripts/decrypt_secret.sh

@@ -4,7 +4,7 @@
 # --batch to prevent interactive command --yes to assume "yes" for questions
 
 gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
---output ./app/android/keystore.properties ./.github/secrets/keystore.properties.gpg
+--output ./app/android/keystore.properties ./.github/secrets/android.keystore.properties.gpg
 
 gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
 --output ./app/android/note_room_key_store.jks ./.github/secrets/note_room_key_store.jks.gpg
@@ -20,3 +20,6 @@ gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
 
 gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
 --output ./app/iosApp/fastlane/NoteDelight_Distribution_Profile.mobileprovision ./.github/secrets/NoteDelight_Distribution_Profile.mobileprovision.gpg
+
+gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" \
+--output ./app/desktop/keystore.properties ./.github/secrets/desktop.keystore.properties.gpg

.github/scripts/encrypt_secret.sh

@@ -4,7 +4,7 @@
 # --batch to prevent interactive command --yes to assume "yes" for questions
 
 gpg --symmetric --cipher-algo AES256 --batch --yes --passphrase="$LARGE_SECRET_PASSPHRASE" \
---output ./.github/secrets/keystore.properties.gpg ./app/android/keystore.properties
+--output ./.github/secrets/android.keystore.properties.gpg ./app/android/keystore.properties
 
 gpg --symmetric --cipher-algo AES256 --batch --yes --passphrase="$LARGE_SECRET_PASSPHRASE" \
 --output ./.github/secrets/note_room_key_store.jks.gpg ./app/android/note_room_key_store.jks
@@ -20,3 +20,6 @@ gpg --symmetric --cipher-algo AES256 --batch --yes --passphrase="$LARGE_SECRET_P
 
 gpg --symmetric --cipher-algo AES256 --batch --yes --passphrase="$LARGE_SECRET_PASSPHRASE" \
 --output ./.github/secrets/NoteDelight_Distribution_Profile.mobileprovision.gpg ./app/iosApp/fastlane/NoteDelight_Distribution_Profile.mobileprovision
+
+gpg --symmetric --cipher-algo AES256 --batch --yes --passphrase="$LARGE_SECRET_PASSPHRASE" \
+--output ./.github/secrets/desktop.keystore.properties.gpg ./app/desktop/keystore.properties

.github/secrets/28F5CB4337.json.gpg

@@ -0,0 +1 @@
+�	*���
�$�ҕ
�����%���gNw���H�/Cg!�� )i:��l�;l��y\����m�q@�*K�x�G� =�xY9�M��ּ�È��u�,5��w�|�J:��>fҏ^�%9;Zo_$^�x1)'M����'��ܐ�k���ӯ���Aی����

.github/secrets/NoteDelight_Distribution_Profile.mobileprovision.gpg

@@ -0,0 +1,3 @@
+�	���%
+�ޚ���Z
���-ݒ��
+W߬|���?EC�FP�8\����\5�
3��QuX)T}�h/u����Nh�-DĦTk�$^�Ig��3���}���Fj!��g:��ҝ����������e9�y~Ӆ��Oʧ����%��1��\ᩏ�+�m���F���1T�63�&�2{؏�e��:��!7�l;K�\���@`˳)����k^������q�[�5�DӞU���ܜ0��X*K��W�>c$�.\49����M���4y‡a�Ѹ#��y+��W:���[