FR: support for signing pkg files

[PaulSonOfLars]

Been playing around with gon for a few days now, and really enjoying it so far. Loving the async notarisation.

My one gripe is the lack of support for signing pkg files with an Installer ID, ie. using productsign instead of codesign. Is this an intended omission? Would love to see gon handle both cases properly, especially as the readme mentions pkg notarisation support, which led me to assume it could be signed too.

Happy to open a PR if you feel this would be a good idea but don't have any time to invest in it.

[zwass]

I have a similar use case and I'm just going to shell out to productsign. It would be convenient to wrap this up in the same APIs as gon already provides.