Please digitally sign alloy and alloy-installer-windows

[sjansen1]

Request

Please CodeSign the binary Windows releases of "alloy-windows-amd64" and "alloy-installer-windows-amd64". Many Enterprises have measures inplace to block unknown executables on devices and servers that are unsigned.

Use case

This allows Enterprise users that have Attack Surface Reduction rules running in the enviroment to use Grafana Alloy. Digitally sign Allow allows a broader acceptance in enterprises.

[github-actions]

This issue has not had any activity in the past 30 days, so the needs-attention label has been added to it.
If the opened issue is a bug, check to see if a newer release fixed your issue. If it is no longer relevant, please feel free to close this issue.
The needs-attention label signals to maintainers that something has fallen through the cracks. No action is needed by you; your issue will be kept open and you do not have to respond to this comment. The label will be removed the next time this job runs if there is new activity.
Thank you for your contributions!

[llamafilm]

I'd like to extend this request to include MacOS binaries too. Code signing is important for automatic deployment pipelines. In particular, I would like to verify the signature using autopkg.

[Notedop]

Same problem for us, we would like to roll-out Alloy using automatic deployment pipelines but because installer is not signed, we cannot automate this due to company policies.

[jkroepke]

Current workaround: Sign installer by your own.

[mbtaylor1982]

please code sign the windows exe and installer, it will prevent us using it and seeking alternatives.