build: strong name sign the Extension Toolkit (#39469)

Strong-name signing embeds publisher identity into the signature of a
.NET assembly.

This is required if *any other* strong name signed project wants to take
a dependency on it.

To make this work, we need to delay-sign it with a public key (.snk
file)--e.g. say we are going to sign it, but not actually sign it--to
give it an identity and then later submit it to ESRP for final signing.

The snk file does not contain any private material.

Some minor changes were required to build properly:
- `InternalsVisibleTo` requires a PublicKeyToken, but we aren't using
  it in the SDK build so it's fine to just leave it out.
- I had to mark a class `sealed` and I can only guess it's because
  strong named assemblies have more guarantees?

.github/actions/spell-check/expect.txt

@@ -1535,6 +1535,7 @@ SMALLICON
 smartphone
 SMTO
 SNAPPROCESS
+snk
 snwprintf
 softline
 SOURCECLIENTAREAONLY

.pipelines/ESRPSigning_sdk.json

@@ -4,9 +4,66 @@
     "SignBatches": [
         {
             "MatchedPath": [
-                "Microsoft.CommandPalette.Extensions.dll",
                 "Microsoft.CommandPalette.Extensions.Toolkit.dll"
             ],
+            "SigningInfo": {
+                "Operations": [
+                    {
+                        "KeyCode": "CP-233904-SN",
+                        "OperationSetCode": "StrongNameSign",
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0",
+                        "Parameters": []
+                    },
+                    {
+                        "KeyCode": "CP-233904-SN",
+                        "OperationSetCode": "StrongNameVerify",
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0",
+                        "Parameters": []
+                    },
+                    {
+                        "KeyCode": "CP-230012",
+                        "OperationSetCode": "SigntoolSign",
+                        "Parameters": [
+                            {
+                                "parameterName": "OpusName",
+                                "parameterValue": "Microsoft"
+                            },
+                            {
+                                "parameterName": "OpusInfo",
+                                "parameterValue": "http://www.microsoft.com"
+                            },
+                            {
+                                "parameterName": "FileDigest",
+                                "parameterValue": "/fd \"SHA256\""
+                            },
+                            {
+                                "parameterName": "PageHash",
+                                "parameterValue": "/NPH"
+                            },
+                            {
+                                "parameterName": "TimeStamp",
+                                "parameterValue": "/tr \"http://rfc3161.gtm.corp.microsoft.com/TSS/HttpTspServer\" /td sha256"
+                            }
+                        ],
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0"
+                    },
+                    {
+                        "KeyCode": "CP-230012",
+                        "OperationSetCode": "SigntoolVerify",
+                        "Parameters": [],
+                        "ToolName": "sign",
+                        "ToolVersion": "1.0"
+                    }
+                ]
+            }
+        },
+        {
+            "MatchedPath": [
+                "Microsoft.CommandPalette.Extensions.dll"
+            ],
             "SigningInfo": {
                 "Operations": [
                     {

src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/JsonSerializationContext.cs

@@ -16,6 +16,6 @@ namespace Microsoft.CommandPalette.Extensions.Toolkit;
 [JsonSerializable(typeof(List<ChoiceSetSetting>))]
 [JsonSerializable(typeof(Dictionary<string, object>), TypeInfoPropertyName = "Dictionary")]
 [JsonSourceGenerationOptions(UseStringEnumConverter = true, WriteIndented = true)]
-internal partial class JsonSerializationContext : JsonSerializerContext
+internal sealed partial class JsonSerializationContext : JsonSerializerContext
 {
 }

src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchOption.cs

@@ -5,8 +5,6 @@
 using System;
 using System.Runtime.CompilerServices;
 
-[assembly: InternalsVisibleTo("Microsoft.Plugin.Program.UnitTests")]
-
 namespace Microsoft.CommandPalette.Extensions.Toolkit;
 
 public partial class MatchOption

src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/MatchResult.cs

@@ -4,8 +4,6 @@
 
 using System.Runtime.CompilerServices;
 
-[assembly: InternalsVisibleTo("Microsoft.Plugin.Program.UnitTests")]
-
 namespace Microsoft.CommandPalette.Extensions.Toolkit;
 
 public partial class MatchResult

src/modules/cmdpal/extensionsdk/Microsoft.CommandPalette.Extensions.Toolkit/Microsoft.CommandPalette.Extensions.Toolkit.csproj

@@ -15,6 +15,12 @@
     <ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>None</ResolveAssemblyWarnOrErrorOnTargetArchitectureMismatch>
   </PropertyGroup>
 
+  <PropertyGroup Condition="'$(CIBuild)'=='true'">
+    <SignAssembly>true</SignAssembly>
+    <DelaySign>true</DelaySign>
+    <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)..\..\..\..\..\.pipelines\272MSSharedLibSN2048.snk</AssemblyOriginatorKeyFile>
+  </PropertyGroup>
+
   <PropertyGroup>
     <CsWinRTIncludes>Microsoft.CommandPalette.Extensions</CsWinRTIncludes>
     <CsWinRTGeneratedFilesDir>$(OutDir)</CsWinRTGeneratedFilesDir>

src/modules/cmdpal/extensionsdk/nuget/BuildSDKHelper.ps1

@@ -69,6 +69,10 @@ if (($BuildStep -ieq "all") -Or ($BuildStep -ieq "build")) {
           ("/p:VersionNumber="+$VersionOfSDK)
           )
 
+        if ($IsAzurePipelineBuild) {
+          $msbuildArgs += "/p:CIBuild=true"
+        }
+
         & $msbuildPath $msbuildArgs
       }
     }