(In reply to Rachel Tublitz [:rachel] from comment #1)
> Nick, I know you were doing a bit of digging here as to what is/isn't possible that we know of so far. Would you mind adding details of your findings here so we have everything related to this work in one place? If there's someone else to follow up with here, that'd be good to know as well.
I did do a bit of digging. I conclude that there isn't a published/well-known "ride-along" scheme like the mutating certificates that are used to ride-along through the MS Authenticode scheme. It's challenging to experiment due to the Apple Developer process, but not impossible. But I doubt we'll be able to modify certificates just by manual inspection of the certs and the signing process.
I tried to understand the existing quarantine code, including the details about "The API to access the data doesn't work when launching via gui." I definitely see the quarantine coding failing on my local machine, but I didn't go so far as to try to duplicate the work in a non-gui macOS application.
I also noticed that Chrome/Chromium does/did things very slightly differently than we do/did and wondered if we were seeing API drifts over time. But I didn't run these things all the way down.
In the end I left this 'cuz the size of the impacted population seemed small and the technical pieces more work than was justified.