Make engine signing map during post-build signing a bit smarter

[mmitche]

• This issue is blocking
• This issue is causing unreasonable pain

This follows up on https://github.com/dotnet/core-eng/issues/14375 and is about making the engine signing map here a bit smarter.

This will fail if we have two files within the same drop that have the same name but different hashes. This appears to be handled gracefully within the rest of the tool (sign the one that needs signing), but the engine map uses the original file name thus causes hash collisions.

Technically, there's nothing wrong with having two exes with the same name have different signatures. We could make the map key a bit smarter and handle this case more gracefully. It is better though to have the same files have the same hashes (e.g. hosting bundle chained runtime exe and runtime exe are the same thing, and so should have the same file hash and signing timestamps).