The jar file needs special treatment to be signed correctly:
- The identifier must be without any dots. The file has three, and
  if only the suffix is dropped, then it will be wrongly interpreted as
  a reverse domain, still
- It is not allowed to have a Mac App store certificate signature,
  together with a jar file, as this is forbidden in the app store.
  Our explicit requirement was allowing such a signature (see
  "cert leaf[field.1.2.840.113635.100.6.1.9] exists").

Solution is now to just let codesign do this work internally,
therefore the explicit requirement is dropped completely.