consider changing the signature source from an individual to CFF

[jbayer]

right now the README states that files are signed by the @sclevine keybase.io. is there a better approach than using an individual in the future?

[sclevine]

There's some discussion about this here. Bret has also reached out to me directly about signing the CF Local binaries with a trusted code signing certificate so that they can be used on locked-down Windows machines.

I should follow up with @chipchilders to see if the CFF could send me a hardware token with the same code signing certificate that's used by the CF CLI, or alternatively, if the CFF could purchase additional certificates for CLI plugin authors.