Add FAKESIGN_IPA option

[opa334]

Preserves entitlements of all binaries and fakesigns everything using ldid.

Perfect for installation using TrollStore.

(install_name_tool also needs the --no-strip-codesig flag because otherwise the entitlements are removed by it)

[Al4ise]

Insert_dylib with --no-strip-codesig works in 50% of cases at max. I've personally had many issues with it. A better solution is to dump entitlements in a separate file, strip codesign, then install_name_tool, and then restore the entitlements

[kabiroberai]

Excuse the late response, but thanks for the PR! I agree that dumping and restoring ents might be a better idea.

For maximum flexibility, I think the way to go here would be to 1) allow PROFILE = - to indicate ad-hoc signing, and 2) allow a custom file to be set for ENTITLEMENTS — which is something I should've honestly done in the first place, since the profile ents don't always map 1:1 with the ents the ipa should have. Also, for consistency, we can use codesign -fs - for ad-hoc signing rather than ldid since atm Theos Jailed is macOS-only anyway.