@arrowplum arrowplum commented Nov 7, 2025

Brings the core of #29 up into the modern shared workflows.

This PR adds NuGet package signing. The workflow downloads unsigned artifacts, detects .nupkg files, signs them using SSL.com credentials, and uploads signed artifacts.

See

sequenceDiagram
  participant WF as Caller Workflow
  participant SW1 as Execute Build
  participant SW2 as Sign Artifacts
  participant SW3 as Deploy Artifacts
  participant SW5 as Docker Build & Deploy
  participant GA as GitHub Artifacts
  participant JF as JFrog Artifactory
  participant SW4 as Create Release Bundle

  Note over WF,SW4: Artifact Pipeline (DEB/RPM/NuGet/generic)
  WF->>SW1: uses reusable_execute-build
  SW1-->>GA: upload artifacts
  WF->>SW2: uses reusable_sign-artifacts
  SW2-->>GA: download unsigned, upload signed
  WF->>SW3: uses reusable_deploy-artifacts
  SW3-->>GA: download signed artifacts
  SW3-->>JF: deploy with build-info

  Note over WF,SW5: Docker Pipeline (Containers)
  WF->>SW5: uses reusable_docker-build-deploy
  SW5-->>JF: build, attest & publish image + build-info

  Note over WF,SW4: Release Bundle (Both Pipelines)
  WF->>SW4: uses reusable_create-release-bundle
  SW4-->>JF: create bundle from artifacts and/or docker builds
  • Adds NuGet signing capability via SSL.com eSigner for .nupkg files
  • Updates workflow version references from v2.0.1 to v2.0.2
  • Adds verification step for NuGet signatures in test workflow

@arrowplum arrowplum requested a review from Copilot November 7, 2025 20:15

Copilot AI left a comment


Reviewed Changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| .github/workflows/reusable_sign-artifacts.yaml | Implements NuGet signing step with SSL.com credentials validation and enables malware blocking |
| .github/workflows/test_sign-artifacts-workflow.yaml | Adds SSL.com secrets and new verify-nuget-signatures job; updates workflow ref to v2.0.2 |
| .github/workflows/sign-artifacts/README.md | Documents NuGet signing support, SSL.com secrets requirements, and artifact layout changes |
| .github/workflows/test_execute-build-workflow.yaml | Updates workflow reference to v2.0.2 |
| .github/workflows/test_deploy-artifacts-workflow.yaml | Updates workflow reference to v2.0.2 |
| .github/workflows/test_create-release-bundle-workflow.yaml | Updates workflow reference to v2.0.2 |
| .github/workflows/deploy-artifacts/create-test-fixtures.sh | Adds NuGet package to test fixtures |
| .github/workflows/deploy-artifacts/test-entrypoint.sh | Updates expected upload command counts to account for added .nupkg file |


Comment on lines +51 to +66
- name: Verify NuGet Signatures
shell: bash
run: |
set -euo pipefail
export PATH="$HOME/.dotnet/tools:$PATH"
shopt -s nullglob globstar
mapfile -t pkgs < <(printf '%s\n' signed/**/*.nupkg)
echo "Found ${#pkgs[@]} .nupkg files"
if [ "${#pkgs[@]}" -lt 1 ]; then
echo "No .nupkg files found under signed/" >&2
exit 1
fi
for p in "${pkgs[@]}"; do
echo "Verifying $p"
dotnet nuget verify "$p" --all
done
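
Review bot: The empty-result guard `if [ "${#pkgs[@]}" -lt 1 ]` cannot fire as written. With `nullglob` set, an unmatched `signed/**/*.nupkg` expands to nothing, but `printf '%s\n'` with no arguments still emits one empty line, which `mapfile -t` stores as a single empty element. The count is therefore 1, the "No .nupkg files found" message is never printed, and the loop goes on to call `dotnet nuget verify` with an empty path. Assigning the glob directly, `pkgs=(signed/**/*.nupkg)`, gives an empty array on zero matches and makes the guard effective. Separately, `--all` confirms each signature is valid but does not pin the signer; if this job is meant to prove the SSL.com certificate was used, consider also passing the expected value through `--certificate-fingerprint`.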

Copilot AI Nov 7, 2025


The dotnet command is used to verify NuGet signatures, but the .NET SDK is not installed in this job. Ubuntu 22.04 runners may have the .NET SDK pre-installed, but this is not guaranteed and versions may change. Consider adding an explicit step to install the .NET SDK using actions/setup-dotnet to ensure consistent behavior.

Contributor Author


@copilot open a new pull request into this feature branch to apply changes based on this feedback


Copilot AI commented Nov 7, 2025

@arrowplum I've opened a new pull request, #86, to work on those changes. Once the pull request is ready, I'll request review from you.

Copilot AI and others added 2 commits November 7, 2025 12:47
* Initial plan

* fix: add explicit .NET SDK setup step for NuGet verification

Co-authored-by: arrowplum <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: arrowplum <[email protected]>