Programatic code signing for macOS plugins?

I have a standalone application that creates AU and VST3 plugin packages. Basically, this works by making a copy of a boilerplate plugin package and overwriting certain files within that package. The bolierplate plugins are signed with an Apple Developer ID, but of course overwriting files within the plugin package breaks the code signing. Is there a way to- from within a JUCE desktop application- programmatically code sign the modified plugins? Otherwise, is there a way to programmatically change Gatekeeper settings to allow unsigned plugins? Any insight or advice appreciated!

You can do that by calling the codesign command in a JUCE ChildProcess. Make sure to use --force to overwrite the old signature!

But you would probably also need to notarise…