For the release of netboot artifacts, we need to [sign them using a code signing certificate](https://ipxe.org/crypto). The accompanying CA cert needs to be added as [a secret variable](https://docs.gitlab.com/ee/ci/variables/), while the signer CER is published alongside the client-side ipxe tooling ([currently this is still added to archweb as static data](https://github.com/archlinux/archweb/tree/25dc4499aef6a9e1a9bd0fd2f794ce2b0e70aeae/sitestatic/netboot)). We can rely on using archiso (https://gitlab.archlinux.org/archlinux/archiso/-/issues/128) to generate the artifacts in the pipelines of this repository. ~~However, until #6 is not resolved (with a signing enclave) we will have to revert to reusing the build artifacts from [archlinux/archiso](https://gitlab.archlinux.org/archlinux/archiso) and do codesigning manually.~~ For additionally codesigning the target iPXE script (#9) we need a custom function, that allows us to do that, after generating the script from a template.