fix(ci): ad-hoc sign darwin binaries with plain codesign

Bun on github macos-latest runners does not emit linker-signed
signatures by default. Sign explicitly with 'codesign --sign -'
without preserve-metadata since the binary has no prior signature.

Author: code-yeongyu

.github/workflows/publish-platform.yml

@@ -213,10 +213,11 @@ jobs:
             echo "Built binary:"
             ls -lh "$OUTPUT"
 
-      - name: Verify darwin binary signature
+      - name: Ad-hoc sign darwin binary
         if: steps.check.outputs.skip != 'true' && startsWith(matrix.platform, 'darwin-')
         run: |
           BINARY="packages/${{ matrix.platform }}/bin/oh-my-opencode"
+          codesign --sign - --force "$BINARY"
           echo "Signature info:"
           codesign -dvvv "$BINARY" 2>&1
           codesign -dvvv "$BINARY" 2>&1 | grep -q "Signature=adhoc" || { echo "ERROR: binary is not ad-hoc signed"; exit 1; }