begin signing Windows packages the Windows way

Right now we have no way to prove to users that we made the Windows packages we distributed, besides giving them signature files, which I feel extremely confident that 99% of them never check. We had a discussion at the Tor dev meeting in July about methods for using Microsoft's built-in signing tools. I have unfortunately forgotten the details of that discussion, but this ticket will serve as a place to dump any details we rediscover.