roslyn

Run binary SDL once on all artifacts

Open jjonescz opened this issue 4 months ago • 0 comments

This is a workaround for BinSkim (and other tools) not analyzing the contents of nupkg/zip files.

Official build: https://dev.azure.com/dnceng/internal/_build/results?buildId=2561041&view=results (CodeSign Validation has a hard limit of 10 minutes because it's not enforced, so it currently times out, but that's not a blocking error. To see what will happen when 1ES enforces it, I tried manually enabling it in a separate run: it takes 1h 16min: https://dev.azure.com/dnceng/internal/_build/results?buildId=2562873&view=results)

jjonescz, Oct 14 '24 14:10