[skip changelog] Update notarization job, now usable with p12 cert format

[umbynos]

Please check if the PR fulfills these requirements

• The PR has no duplicates (please search among the Pull Requests
  before creating one)
• The PR follows
  our contributing guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

• What kind of change does this PR introduce?

update the CI

• What is the current behavior?

• What is the new behavior?

The CI now uses a .p12 certificates and uses an action to handle keychain unlocking. Other improvements have been added.
Now gon is installed through homebrew.
The Notarize binary, re-package it and update checksum step has been split in two different steps: one simple step to notarize and sign and the other one to change permission, calculate the checksum and repackage the binary

• Does this PR introduce a breaking change?

no

• Other information:

---

See how to contribute
It's necessary to add INSTALLER_CERT_MAC_P12 and INSTALLER_CERT_MAC_PASSWORD as secrets

[per1234]

Thanks Umberto!

I tried it out in my fork with my own Apple Developer ID certificate and it works just fine.

This will also need to be done to the "nightly" workflow:
https://github.com/arduino/arduino-cli/blob/master/.github/workflows/nightly.yaml

[rsora]

Please check my comments in the code!
(Excellent work BTW!)

[per1234]

Looks good!

per@Pers-iMac Downloads % spctl -a -vvv -t install "dist/arduino-cli_43.0.0_macOS_64bit/arduino-cli" 
dist/arduino-cli_43.0.0_macOS_64bit/arduino-cli: accepted
source=Notarized Developer ID
origin=Developer ID Application: Per Tillisch (9M5NQMNWBJ)
per@Pers-iMac Downloads % spctl -a -vvv -t install "dist (1)/arduino-cli_0.13.0_macOS_64bit/arduino-cli"
dist (1)/arduino-cli_0.13.0_macOS_64bit/arduino-cli: accepted
source=Notarized Developer ID
origin=Developer ID Application: ARDUINO SA (7KT7ZWMCJT)

[rsora]

👍
New secrets configured, let's merge!