Do a codesign --verify before running spctl

codesign is less strict than spctl and gives more output.
codesign -d alone doesn't verify but only prints.

admin/osx/sign_app.sh

@@ -9,8 +9,9 @@ team_identifier="$3"
 codesign -s "$identity" --force --preserve-metadata=entitlements --verbose=4 --deep "$src_app"
 
 # Verify the signature
-spctl -a -t exec -vv $src_app
 codesign -dv $src_app
+codesign --verify -v $src_app
+spctl -a -t exec -vv $src_app
 
 # Validate that the key used for signing the binary matches the expected TeamIdentifier
 # needed to pass the SocketApi through the sandbox