feat: native macos installer distribution (#1633)

* Add uninstall option and output pkg

Improve installer mode detection

Fix macOS installer packaging

Fix default selection for uninstall choice

Remove obsolete tar handling and clean script copies

* Improve macOS build script

* fix: update macos firewall and package scripts for better compatibility and cleanup

* Add DeveloperID certificate and improve macOS signing script

Use keychain option for codesign and restore login keychain to list
after signing

* Update build_macos.sh

* feat: add script to quit GUI application during uninstall on macos

* fix: handle macos post-install when app is unpacked into localized folder

* fix: improve post_install script to handle missing service plist and provide error logging

deploy/data/macos/post_uninstall.sh

@@ -9,6 +9,19 @@ SYSTEM_APP_SUPPORT="/Library/Application Support/$APP_NAME"
 LOG_FOLDER="/var/log/$APP_NAME"
 CACHES_FOLDER="$HOME/Library/Caches/$APP_NAME"
 
+# Attempt to quit the GUI application if it's currently running
+if pgrep -x "$APP_NAME" > /dev/null; then
+    echo "Quitting $APP_NAME..."
+    osascript -e 'tell application "'"$APP_NAME"'" to quit' || true
+    # Wait up to 10 seconds for the app to terminate gracefully
+    for i in {1..10}; do
+        if ! pgrep -x "$APP_NAME" > /dev/null; then
+            break
+        fi
+        sleep 1
+    done
+fi
+
 # Stop the running service if it exists
 if pgrep -x "${APP_NAME}-service" > /dev/null; then
     sudo killall -9 "${APP_NAME}-service"
@@ -32,3 +45,40 @@ sudo rm -rf "$LOG_FOLDER"
 
 # Remove any caches left behind
 rm -rf "$CACHES_FOLDER"
+
+# Remove PF data directory created by firewall helper, if present
+sudo rm -rf "/Library/Application Support/${APP_NAME}/pf"
+
+# ---------------- PF firewall cleanup ----------------------
+# Rules are loaded under the anchor "amn" (see macosfirewall.cpp)
+# Flush only that anchor to avoid destroying user/system rules.
+
+PF_ANCHOR="amn"
+
+### Flush all PF rules, NATs, and tables under our anchor and sub-anchors ###
+anchors=$(sudo pfctl -s Anchors 2>/dev/null | awk '/^'"${PF_ANCHOR}"'/ {sub(/\*$/, "", $1); print $1}')
+for anc in $anchors; do
+    echo "Flushing PF anchor $anc"
+    sudo pfctl -a "$anc" -F all 2>/dev/null || true
+    # flush tables under this anchor
+    tables=$(sudo pfctl -s Tables 2>/dev/null | awk '/^'"$anc"'/ {print}')
+    for tbl in $tables; do
+        echo "Killing PF table $tbl"
+        sudo pfctl -t "$tbl" -T kill 2>/dev/null || true
+    done
+done
+
+### Reload default PF config to restore system rules ###
+if [ -f /etc/pf.conf ]; then
+    echo "Restoring system PF config"
+    sudo pfctl -f /etc/pf.conf 2>/dev/null || true
+fi
+
+### Disable PF if no rules remain ###
+if sudo pfctl -s info 2>/dev/null | grep -q '^Status: Enabled' && \
+   ! sudo pfctl -sr 2>/dev/null | grep -q .; then
+    echo "Disabling PF"
+    sudo pfctl -d 2>/dev/null || true
+fi
+
+# -----------------------------------------------------------