Sign our MAR files

The MAR format supports embedded signatures. We should make use of this and sign our updates with a key that we embed in the browser.

This will require changes to our build process -- perhaps a post-processing signing step for MAR files on a dedicated machine.