macOS: Enable Developer ID Distribution

[roop]

This PR creates additional targets (with "-DeveloperID" suffix) that can be used for Developer ID Distribution of the macOS app (for distribution outside of the Mac App Store).

The tunnel extension is bundled as a system extension. The system extension is attempted to be installed at app launch -- there will be prompts at app launch for that.

Differences from the App Store version:

• The privacy statement is not shown at app launch. It can still be accessed from the app's Settings pane.
• There's no unified log. On clicking "View Log", we show how the user can access the log using Console.app or "log" commands. This is because with the System Extension, we have no shared location to keep the debug.log file that can be shared between the app and the extension (the app and the extension run as different users and don't have permissions to see each other's files).
• The password for imported OpenVPN config files is passed directly and not through the Keychain. This is because with the System Extension, we have no shared keychain to share the password with.
• The About pane says "Developer ID Version"

Creating the Developer ID Distribution is somewhat complex, and is documented in DEVELOPER_ID.md which is part of this PR.

[roop]

Converted to draft because this depends on #498, which is not merged yet.

[roop]

Rebased to master after merging of #498.

@efef Please take a look at DEVELOPER_ID.md (added in this PR), which documents the distribution process.

[roop]

Pushed 0f320fd to developer_id_distribution branch, so that @efef can try it out.