Split packaging on Windows into dedicated jobs that run with access to
an EV signing certificate.
Prior to commit 0929221ca3 (gitlab-ci: Simplify Windows packaging
pipeline, 2023-02-28, v3.26.0-rc5~3^2~3) we had separate packaging jobs,
but they did not run in release packaging pipelines. Restore them, and
run them in both nightly and release packaging pipelines.
In commit 4c7c66dcf5 (gitlab-ci: Add jobs to make Windows x86_64 and
i386 packages, 2022-05-19, v3.24.0-rc1~112^2) we used a separate Windows
packaging job in nightly packaging pipelines. It did not run in release
pipelines, where we need to run the final packaging step manually with
signing. Simplify nightly packaging pipelines by running `cpack` at the
end of the build job as we do for other platforms.
For release packaging pipelines, create an archive of the files needed
to build a package, and present this as the built "package" on Windows.
Run CPack in a separate job for nightly binaries, and not at all for
release binaries. Unlike macOS disk images (.dmg), we cannot sign the
binaries inside Windows installers (.msi) after-the-fact. Instead,
produce enough artifacts from the build job to sign and package release
binaries manually.
Port build settings from `Utilities/Release/win/x86/Dockerfile` and its
helper scripts.
