macOS: Disable library validation when signing

So we can load 3rdparty plugins even when the app is signed and notarized.
Also give Qt Creator "debugging" capabilities, allowing it to attach
to processes.

Change-Id: Ia6bb8ab279920b75a96777eafebbb4e7454fda46
Reviewed-by: Eike Ziller <eike.ziller@qt.io>

dist/installer/mac/entitlements.plist

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+        <key>com.apple.security.cs.debugger</key>
+        <true/>
+        <key>com.apple.security.cs.disable-library-validation</key>
+        <true/>
+</dict>
+</plist>

scripts/common.py

@@ -211,5 +211,7 @@ def codesign(app_path):
                                lambda ff: ff.endswith('.dylib'))
     codesign = codesign_call()
     if is_mac_platform() and codesign:
+        entitlements_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), '..', 'dist',
+                                         'installer', 'mac', 'entitlements.plist')
         # sign the whole bundle
-        subprocess.check_call(codesign + ['--deep', app_path])
+        subprocess.check_call(codesign + ['--deep', app_path, '--entitlements', entitlements_path])