windows: get certificate to sign packages

We should buy a microsoft authenticode certificate to be able to sign our packages. user experience right now asks if you want to run software from "unknown vendor".

I think we can do with the cheaper ones (since we don't need to sign kernel drivers): https://www.comodo.com/business-security/code-signing-certificates/code-signing.php