[match] Add support for Developer ID certificates from G2 Sub-CA

[triplef]

Checklist

• I've run bundle exec rspec from the root directory to see all new and existing tests pass
• I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
• I've read the Contribution Guidelines
• I've updated the documentation if necessary.

Motivation and Context

Developer ID certificates can now be generated using one of two different intermediary CAs, and Fastlane currently doesn’t support the newer G2 Sub-CA. Following is the description from the certification creation page on the Apple Developer portal when selecting "Developer ID Application":

Certificates issued from the Developer ID G2 intermediary certificate authority (Sub-CA) are supported by Xcode 11.4.1 or later. If you need to sign software for distribution on an earlier release, you can create a certificate associated to the previous Sub-CA and turn off Automatic Signing in Xcode. Any certificates created after Feb 01, 2022 and associated to the previous Sub-CA will expire on Feb 01, 2027.

Description

• Adds a new DEVELOPER_ID_APPLICATION_G2 certificate type
• Updates match and sigh to find Developer ID certificates using this new type
• Updates cert to generate Developer ID certificates using this new type

I used match to generate and find a new Developer ID certificate.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

For more information, open the CLA check for this pull request.

[triplef]

Thanks! Btw. the CLA is signed.

[joshdholtz]

Thanks for making this! Did you happen to test this to see how this behaves with App Store Connect API?

The official docs don't show this as a value (yet) - https://developer.apple.com/documentation/appstoreconnectapi/certificatetype

I don't think you can create a Developer ID while using the API Key but wanted to check anyway 🙃

[triplef]

Thanks for your feedback @joshdholtz!

Could you give me a hint how to test this with the ASC API? It’s a bit tricky to test this as you can only have one Developer ID cert, and I think you can’t even revoke it. Any guidance how to deal with this would be appreciated.

[joshdholtz]

This looks great! I tested this with both Apple ID auth and API Key and works as expected 💪 I also added a commit so that it will still list cert of both the new and old type but will only create the new one.

Really appreciate the contribution 🥰

[fastlane-bot]

Congratulations! 🎉 This was released as part of fastlane 2.206.0 🚀