feat(ci): Publish installer PKG for macOS standalone (#8795)

Microsoft Intune's DMG provisioner currently fails unexpectedly when
trying to provision our published DMG file with the error:

> The DMG file couldn't be mounted for installation. Check the DMG file
if the error persists. (0x87D30139)

I ran the following verification commands locally, which all passed:

```
hdiutil verify -verbose <dmg>
hdiutil imageinfo -verbose <dmg>
hdiutil hfsanalyze -verbose <dmg>
hdiutil checksum -type SHA256 -verbose <dmg>
hdiutil info -verbose
hdiutil pmap -verbose <dmg>
```

So the issue appears to be most likely that Intune doesn't like the
`/Applications` shortcut in the DMG. This is a UX feature to make it
easy to drag the application to the /Applications folder upon opening the
DMG.

So we're publishing a PKG in addition to the DMG, which should be a
more reliable artifact for MDMs to use.

---------

Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
Jamil
2025-04-16 09:21:40 -07:00
committed by GitHub
parent 4cf36cd8bd
commit fc7b6e3fb0
5 changed files with 75 additions and 14 deletions


@@ -55,6 +55,8 @@ jobs:
# mark:next-apple-version
artifact-file: "firezone-macos-client-1.4.10.dmg"
# mark:next-apple-version
pkg-artifact-file: "firezone-macos-client-1.4.10.pkg"
# mark:next-apple-version
release-name: macos-client-1.4.10
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -98,6 +100,7 @@ jobs:
STANDALONE_BUILD_CERT: "${{ secrets.APPLE_STANDALONE_BUILD_CERTIFICATE_BASE64 }}"
STANDALONE_BUILD_CERT_PASS: "${{ secrets.APPLE_STANDALONE_BUILD_CERTIFICATE_P12_PASSWORD }}"
ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.artifact-file }}"
PKG_ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.pkg-artifact-file }}"
NOTARIZE: "${{ github.event_name == 'workflow_dispatch' }}"
ISSUER_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }}"
API_KEY_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }}"
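Review bot: PKG_ARTIFACT_PATH is built from `matrix.pkg-artifact-file`, which this diff shows being added to only one matrix entry. For any matrix entry that does not define that key the expression expands to an empty string, so the variable ends up as the runner temp directory with a trailing slash instead of being unset. Either define `pkg-artifact-file` for every matrix entry that reaches this step, or have the build script skip PKG creation when the path carries no file name.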
@@ -107,8 +110,10 @@ jobs:
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
if: "${{ github.event_name == 'workflow_dispatch' && matrix.job_name == 'build-macos-standalone' }}"
with:
name: ${{ matrix.artifact-file }}
path: "${{ runner.temp }}/${{ matrix.artifact-file }}"
name: macos-client-standalone
path: |
"${{ runner.temp }}/${{ matrix.artifact-file }}"
"${{ runner.temp }}/${{ matrix.pkg-artifact-file }}"
- run: ${{ matrix.upload-script }}
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' }}"
env:
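Review bot: In the new `path: |` block both entries are still wrapped in double quotes, and inside a literal block scalar those quotes are part of the value, so the upload action is handed patterns that begin and end with a `"` character and may match no file. Drop the quotes on both lines under `path: |`. The artifact name also changes from `${{ matrix.artifact-file }}` to the fixed `macos-client-standalone`, so anything that downloads the artifact by its old name needs the same update.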
@@ -119,6 +124,17 @@ jobs:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
RELEASE_NAME: "${{ matrix.release-name }}"
PLATFORM: "${{ matrix.platform }}"
# We also publish a pkg file for MDMs that don't like our DMG (Intune error 0x87D30139)
- run: ${{ matrix.upload-script }}
if: "${{ github.event_name == 'workflow_dispatch' && github.ref_name == 'main' && matrix.job_name == 'build-macos-standalone' }}"
env:
ARTIFACT_PATH: "${{ runner.temp }}/${{ matrix.pkg-artifact-file }}"
ISSUER_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_ISSUER_ID }}"
API_KEY_ID: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY_ID }}"
API_KEY: "${{ secrets.APPLE_APP_STORE_CONNECT_API_KEY }}"
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
RELEASE_NAME: "${{ matrix.release-name }}"
PLATFORM: "${{ matrix.platform }}"
- name: Setup sentry CLI
if: "${{ github.event_name == 'workflow_dispatch' }}"
uses: matbour/setup-sentry-cli@3e938c54b3018bdd019973689ef984e033b0454b #v2.0.0
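Review bot: The added PKG upload step has no `name:` and, as far as the context lines show, repeats the env of the preceding `${{ matrix.upload-script }}` step with only ARTIFACT_PATH changed, so the two uploads are hard to tell apart in the run log and the copies can drift. Give the step a name that says it uploads the PKG. It also receives ISSUER_ID, API_KEY_ID and API_KEY again; if the upload script does not use the App Store Connect credentials when publishing the PKG, leave them out of this step so the secrets are exposed to one step fewer.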