Fix T66986: errors with add-ons using ctypes in macOS release

Add extra entitlements to allow the kind of unsigned executable memory access
that cytpes does.

release/darwin/bundle.sh

@@ -18,6 +18,7 @@ _tmp_dir="$(mktemp -d)"
 _tmp_dmg="/tmp/blender-tmp.dmg"
 _background_image="${_script_dir}/background.tif"
 _mount_dir="/Volumes/${_volume_name}"
+_entitlements="${_script_dir}/entitlements.plist"
 
 # Handle arguments.
 while [[ $# -gt 0 ]]; do
@@ -128,17 +129,17 @@ if [ ! -z "${C_CERT}" ]; then
     for f in $(find "${_mount_dir}/Blender.app/Contents/Resources" -name "python*"); do
         if [ -x ${f} ] && [ ! -d ${f} ]; then
             codesign --remove-signature "${f}"
-            codesign --timestamp --options runtime --sign "${C_CERT}" "${f}"
+            codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
         fi
     done
     echo ; echo -n "Codesigning .dylib and .so libraries"
     for f in $(find "${_mount_dir}/Blender.app" -name "*.dylib" -o -name "*.so"); do
         codesign --remove-signature "${f}"
-        codesign --timestamp --options runtime --sign "${C_CERT}" "${f}"
+        codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${f}"
     done
     echo ; echo -n "Codesigning Blender.app"
     codesign --remove-signature "${_mount_dir}/Blender.app"
-    codesign --timestamp --options runtime --sign "${C_CERT}" "${_mount_dir}/Blender.app"
+    codesign --timestamp --options runtime --entitlements="${_entitlements}" --sign "${C_CERT}" "${_mount_dir}/Blender.app"
     echo
 else
     echo "No codesigning cert given, skipping..."

release/darwin/entitlements.plist

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+	<true/>
+</dict>
+</plist>