Sign our MAR files

The MAR format supports embedded signatures. We should make use of this and sign our updates with a key that we embed in the browser.

This will require changes to our build process -- perhaps a post-processing signing step for MAR files on a dedicated machine.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information