This is from :agashlin in a different medium: "The makemsix signing branch that we use in automation doesn't generate a Code Integrity catalog when signing the package, unlike
makeappx.exe. I assume that when Microsoft signs the package for the store they use
makeappx.exe, we may need to do this as well for testing. This lack of Code Integrity may also be missed by some enterprise MSIX users."
This ticket tracks including a Code Integrity catalog when packaging MSIX, possibly by teaching
makemsix how to so.
If this is a hard blocker, we could try using Wine to run
makeappx.exe, or we could run the relevant MSIX jobs on Windows directly.