Commit 3d4ec40
fix(ci): rewrite notarize step with polling loop + fix pipe-to-while bug

Key changes:
- Re-sign step: use process substitution < <(...) so FAIL=0/1 state
  survives the while loop (pipe-to-while runs in a subshell, silently
  swallowing codesign failures and causing 3s instant-exit)
- Notarize step: replace single long-running 'notarytool wait' (hangs
  indefinitely on macos-26 beta runner) with custom 30s polling loop
  using 'notarytool info' wrapped in 'timeout 60' per call — max 20 min,
  progress logged every poll, cannot hang
- Add binary audit step (new) between re-sign and notarize: lists every
  Mach-O with its signing identity + runs spctl assessment for visibility
- keychain: add -T /usr/bin/xcodebuild to security import; add
  codesign: to partition list; use literal login.keychain-db path
- notarytool keychain timeout bumped to 7200s (from 3600s)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

1 parent e4944f1 commit 3d4ec40
1 file changed
Lines changed: 167 additions & 151 deletions
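
The pipe-to-while failure mode named in the commit message, shown beside the process-substitution form, as an added example that is not part of the commit or the project's workflow. `list_binaries`, `sign_one` and the file paths are constructed stand-ins for the real binary list and signing call.

```bash
#!/usr/bin/env bash
# Process substitution is a bashism: re-exec under bash if another shell started us.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Constructed sample input: three binary paths, one of which will fail to sign.
list_binaries() {
  printf '%s\n' \
    'Demo.app/Contents/MacOS/demo' \
    'Demo.app/Contents/Frameworks/libbad.dylib' \
    'Demo.app/Contents/MacOS/helper'
}

# Hypothetical stand-in for the real signing call: fails for libbad.dylib only.
sign_one() {
  case "$1" in
    *libbad*) return 1 ;;
    *) return 0 ;;
  esac
}

# Fail-open form: the pipe runs the while loop in a subshell, so the
# FAIL=1 assignment is discarded when the loop ends and the step returns 0.
resign_piped() {
  local FAIL=0 bin
  list_binaries | while IFS= read -r bin; do
    sign_one "$bin" || FAIL=1
  done
  return "$FAIL"
}

# Fail-closed form: the loop runs in the current shell and reads from a
# process substitution, so FAIL=1 is still set after the loop.
resign_procsub() {
  local FAIL=0 bin
  while IFS= read -r bin; do
    sign_one "$bin" || FAIL=1
  done < <(list_binaries)
  return "$FAIL"
}

# Run both forms over the same input and report what each one returns.
if resign_piped; then echo "piped loop: exit 0, signing failure swallowed"; fi
if ! resign_procsub; then echo "process substitution: exit 1, failure reported"; fi
```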