Get EV code signing certificate to sign our binary packages

[efiop]

I.e. https://www.certum.eu/en/cert_offer_microsoft_code_signing/ .

The "untrusted source" window is annoying, but it is only a small part of the problem. A much bigger problem is that when you install dvc from binary windows package, windows defender thinks that this is a virus and makes it extremely slow. To fix that we need to sign our packages with a trusted certificate.

[efiop]

No longer needed after #1447 , since we no longer build a single binary and all binaries in --onedir are already signed.

[efiop]

Reopenning since we still need this for our installers.

[jorgeorpinel]

Just want to post what this looks like on Windwos. The installer is stopped by Windows Defender with a "Windows protected your PC" screen:

You need to click "More info" to be able to use the [Run anyway] button:

p.s. similar to #2677 on Mac

[efiop]

For the record:

• rpm and deb
• mac pkg
• windows with OV cert for simplicity, but at least it is no longer "Unknown publisher". It should get better the more people install it, smartscreen will learn to trust this cert (will build up reputation).