curl | sh installer requires restart on macos #398

Closed
EverlastingBugstopper opened this issue Mar 30, 2021 · 0 comments · Fixed by #400

EverlastingBugstopper commented Mar 30, 2021

For now folks on macbooks should install with `npm i -g @apollo/rover` or just restart their computer after installing with the `curl | sh` installer.

From what I can tell this is what's happening (docs on this are hard to find):

  1. user installs rover 0.0.4 with curl installer as a fresh install
  2. user runs rover
  3. gatekeeper has never seen this file before, so it validates the code signature against apple's notarization service (details are hazy here but this is the gist)
  4. rover works. great.
  5. user installs rover 0.0.5 with curl installer
  6. it prompts to overwrite the old version
  7. user accepts
  8. 0.0.5 binary overwrites old 0.0.4 binary
  9. gatekeeper thinks it's seen this file before, and does not detect `com.apple.quarantine` so does not validate the code signature against apple's notarization service
  10. the file has changed, meaning the signature mismatches what gatekeeper pulled from the notarization service for 0.0.4
  11. gatekeeper kills rover
  12. user restarts computer
  13. rover 0.0.5 works now since gatekeeper decides to refresh the signature (or something like that? idk)

some other interesting things to note:

  1. cargo doesn't seem to be codesigned at all. how this runs on my macbook without any extra hoops is sheer wizardry and i have no idea how they're doing that.
  2. nvm does have things codesigned, and stores binaries in separate directories for each version, which may be a valid way of doing this (could maybe symlink main rover binary to various version subdirectories)
  3. since we're signing + notarizing, we could probably distribute with brew fairly easily, which would fit in with how macOS devs are used to installing software

it also seems like if i do the following, it tricks gatekeeper into checking again so maybe we can just do that with the installer:

```
$ ./bin/rover --version
Killed: 9
$ cp ./bin/rover ./bin/rover2
$ rm ./bin/rover
$ mv ./bin/rover2 ./bin/rover
$ ./bin/rover --version
0.0.5
```
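
The cp/rm/mv sequence in the issue leaves `./bin/rover` pointing at a newly created file rather than the one that was overwritten. An installer can get the same result on every upgrade by writing the new binary to a temporary file in the destination directory and renaming it into place. The following is an added example, not part of the original issue and not Rover's installer code; `install_binary` and `inode_of` are hypothetical names.

```shell
#!/bin/sh
# Added example (not Rover's installer). install_binary is a hypothetical
# helper that never writes into the existing destination file: it copies the
# new binary to a temp file beside it, then renames that file over the
# destination, so the path ends up naming a brand-new file (new inode).
install_binary() {
    src=$1
    dest=$2
    dest_dir=$(dirname -- "$dest")

    [ -f "$src" ] || { echo "install_binary: no such file: $src" >&2; return 1; }
    mkdir -p -- "$dest_dir" || return 1

    # The temp file lives in dest_dir so the final mv is a rename on one
    # filesystem, not a cross-device copy.
    tmp=$(mktemp "$dest_dir/.install.XXXXXX") || return 1

    if ! cp -- "$src" "$tmp" || ! chmod 755 "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # mv -f within one directory is a rename: the old file is unlinked and the
    # new one takes its name in a single step, so a failed or interrupted
    # install never leaves a half-written binary at $dest.
    if ! mv -f -- "$tmp" "$dest"; then
        rm -f -- "$tmp"
        return 1
    fi
}

# Inode number of a file; ls -i is POSIX, so this works on macOS and Linux.
inode_of() {
    ls -i -- "$1" | awk '{ print $1 }'
}
```

Comparing `inode_of ./bin/rover` before and after an upgrade shows whether the installer replaced the file or wrote into the existing one.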