[Bug] CoreTrust signed MachO's may not resign properly

[khcrysalis]

Report

The codesigner has specific rules to follow and this is one of them:

// Rules:
//
// 1. If there is an existing signature, there must be no data in
//    the binary after it. (We don't know how to update references to
//    other data to reflect offset changes.)
// 2. If there isn't an existing signature, there must be "room" between
//    the last load command and the first section to write a new load
//    command for the signature.

Some coretrust signed machos dont follow these rules and have data after them after the existing signature, causing the codesigner to fail and deem it as a malformed macho, @iosdecrypt telegram bot produces apps that evidently cause this error:

Err(AppleCodesignError::DataAfterSignature) "__LINKEDIT segment contains data after signature"
https://github.com/indygreg/apple-platform-rs/blob/main/apple-codesign/src/macho.rs#L298-L358

Contributor Checks

• I am willing to attempt to make a pull request to fix this bug

Additional Information

• Developer mode enabled
• Using paid developer account
• I will send an ipa of the app I'm having trouble installing if any
• I'm willing to provide crash logs or debugging information if needed