Right now we use an Apple ID and app-specific password to notarize our application with Apple. This unnecessarily ties our builds to the permissions of an individual developer. If their permissions are reduced it could break notarization; if their permissions are increased it means our credentials are more powerful than they need to be.

notarytool can be configured to use an API key on the command line:https://keith.github.io/xcode-man-pages/notarytool.1.html#App

We also need an admin of our Apple Account to generate the key and add it to the GitHub Actions secrets.