Adjust how we enable dac signing to get it working on VMR release branches

[jkoritzinsky]

Fixes #47842

Official build at https://dev.azure.com/dnceng/internal/_build/results?buildId=2671729&view=results

[Copilot]

Pull Request Overview

This PR adjusts the logic for enabling DAC signing on VMR release branches. It introduces a new variable (signDacEnabled) and parameter (signDac) to control DAC signing based on the signing mode and branch type, and it updates job and stage templates to incorporate these changes.

• Introduces conditional variable signDacEnabled in the variables file based on signing conditions.
• Adds a new boolean parameter signDac and updates job templates to use it.
• Updates stage templates to pass the DAC signing flag (signDacEnabled) to the build stages.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
eng/pipelines/templates/variables/vmr-build.yml	Adds conditionals to enable/disable DAC signing based on branch details
eng/pipelines/templates/jobs/vmr-build.yml	Introduces a new signDac parameter and updates condition checks for DAC signing
eng/pipelines/templates/stages/vmr-verticals.yml	Propagates the signDac flag into stage definitions

[mmitche]

I think I would base this on signEnabled rather than the desired signing parameter. Then you get the automatic translation for default state to true/false. If false, turn off. If true, then further check against the branches like you did below.

It's probably about the same today, but would work more seamlessly if we ever had a feature/* branch.

[jkoritzinsky]

I tried basing it on signEnabled, but the YAML expansion didn't expand it right for it to be respected.

[jkoritzinsky]

/ba-g failures unrelated