disable extension validation in Positron

[jmcphers]

This change causes Positron to skip extension validation. Extension validation isn't a new feature from upstream, but it is a feature that was formerly not very aggressive. In this change from upstream 1.94 (which we picked up with the 1.93 -> 1.95 upstream merge), VS Code started blocking installation when signature verification fails.

microsoft/vscode@2991008

This change also added a new option, extensions.verifySignature, which controls the new behavior. The fix is to effectively hide this option and never perform signature verification.

In early drafts of this change I considered just defaulting the setting to false, but it turns out that Positron is missing an essential binary needed to perform signature verification (@vscode/vsce-sign), so we cannot verify signatures. Verification is also restricted to Windows and macOS platforms, even in upstream VS Code.

This fix is a stopgap to get installation back online quickly. In the long term, we should consider investigating what work is needed to perform signature verification. While Positron does not bundle a copy of the vsce-sign tool, the tool is distributed on npm (note however that it is closed source and under a Microsoft license). https://www.npmjs.com/package/@vscode/vsce-sign

Addresses #5758.

QA Notes

Installing from local VSIX files as well as OpenVSX should work smoothly.

[github-actions]

E2E Tests 🚀  ^?
This PR will run tests tagged with: @critical

[petetronic]

We'll need to start with this to unblock releases and then work on the items mentioned.