RFR: 8370126: Improve jpackage signing testing

[Alexey Semenyuk]

- Rework the SigningPackageTwoStepTest test to cover the case of bundling an unsigned predefined app image into a signed .pkg installer; make it verify expected warnings in the jpackage output.

- All jpackage tests will verify that without "--mac-sign" option, jpackage produces app images with a valid "adhoc" signature.

Additionally:
- Fix jpackage to make it emit messages expected in the updated SigningPackageTwoStepTest test.
- Add helper code for signing testing.
- Automatically unlock jpackage test keychains in all signing tests.
- Add a workaround for the `/usr/bin/codesign—-verify` command, which sometimes fails if executed without `sudo`.

-------------

Commit messages:
 - MacSignVerify: add a comment
 - Add javadoc
 - MacPackageBuilder, MacPkgPackageBuilder: move warning logging from MacBaseInstallerBundler
 - Update copyright year
 - Better keychain configuration in the signing tests; Unlock test keychains in signing tests; MacSignTest: better test coverage; MacSign: make MacSign.ResolvedKeychain more usable; JPackageCommand, MacHelper: add sign helpers and verify signature of jpackage output if it is unsigned; MacSignVerify: add functions to verify signed output of JPackageCommand instances; Rework SigningPackageTwoStepTest for better coverage. Add a workaround for `/usr/bin/codesign --verify` command that sometimes fails if executed without `sudo`.

Changes: https://git.openjdk.org/jdk/pull/27875/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=27875&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8370126
  Stats: 816 lines in 15 files changed: 549 ins; 139 del; 128 mod
  Patch: https://git.openjdk.org/jdk/pull/27875.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27875/head:pull/27875

PR: https://git.openjdk.org/jdk/pull/27875