Add Windows code signing setup for x64 builds (#22022)

## Summary
- Implements automated Windows code signing for x64 and x64-baseline
builds
- Integrates DigiCert KeyLocker for secure certificate management
- Adds CI/CD pipeline support for signing during builds

## Changes
- Added `.buildkite/scripts/sign-windows.sh` script for automated
signing
- Updated CMake configurations to support signing workflow
- Modified build scripts to integrate signing step

## Testing
- Script tested locally with manual signing process
- Successfully signed test binaries at:
  - `C:\Builds\bun-windows-x64\bun.exe`
  - `C:\Builds\bun-windows-x64-baseline\bun.exe`

## References
Uses DigiCert KeyLocker tools for Windows signing

## Next Steps
- Validate Buildkite environment variables in CI
- Test full pipeline in CI environment

---------

Co-authored-by: Jarred Sumner <jarred@bun.sh>
Co-authored-by: Claude Bot <claude-bot@bun.sh>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

cmake/Options.cmake

@@ -57,6 +57,23 @@ else()
   message(FATAL_ERROR "Unsupported architecture: ${CMAKE_SYSTEM_PROCESSOR}")
 endif()
 
+# Windows Code Signing Option
+if(WIN32)
+  optionx(ENABLE_WINDOWS_CODESIGNING BOOL "Enable Windows code signing with DigiCert KeyLocker" DEFAULT OFF)
+  
+  if(ENABLE_WINDOWS_CODESIGNING)
+    message(STATUS "Windows code signing: ENABLED")
+    
+    # Check for required environment variables
+    if(NOT DEFINED ENV{SM_API_KEY})
+      message(WARNING "SM_API_KEY not set - code signing may fail")
+    endif()
+    if(NOT DEFINED ENV{SM_CLIENT_CERT_FILE})
+      message(WARNING "SM_CLIENT_CERT_FILE not set - code signing may fail")
+    endif()
+  endif()
+endif()
+
 if(LINUX)
   if(EXISTS "/etc/alpine-release")
     set(DEFAULT_ABI "musl")