@zomabies zomabies commented Nov 6, 2025

Hi, this PR aims to fix signed jar classes returning null signers for
CodeSource.getCodeSigner/getCertificate from Class.getProtectionDomain and Class.getSigners.

The existing signer support is currently broken in 0.17.3 (in the commented-out TODO).

```java
    if (connection instanceof JarURLConnection) {
        manifest = ((JarURLConnection) connection).getManifest();
        certificates = ((JarURLConnection) connection).getCertificates();
    }
    if (manifest == null) {
        try (FileSystemUtil.FileSystemDelegate jarFs = FileSystemUtil.getJarFileSystem(path, false)) {
            manifest = ManifestUtil.readManifestFromBasePath(jarFs.get().getRootDirectories().iterator().next());
        }
    }
    // TODO
    /* JarEntry codeEntry = codeSourceJar.getJarEntry(filename);
    if (codeEntry != null) {
        cs = new CodeSource(codeSourceURL, codeEntry.getCodeSigners());
    } */
}
```

I have changed Metadata to show whether the codeSource has a signed manifest.
It is used to return early if not signed, to avoid future processing.

If the manifest is signed, it will get the signer for the specified filename from the jar: URI and create a signed CodeSource with it.
- This should not be cached, since a file will have a different signer or no signer depending on the manifest (i.e., an appended class file).

I also added a property flag to disable this if a compatibility issue arises.

I have tested this using -Djava.debug.security=scl (valid before JDK 24), with the expected behavior when loading signed jars.
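
The per-entry signer lookup described in the comment above, as an added example that is not code from this PR or from the project. The class and method names are hypothetical, and the jar path and entry name are assumed to come from the command line.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added illustration; SignedEntryCodeSource and codeSourceFor are hypothetical names.
public class SignedEntryCodeSource {

    /** Builds a CodeSource for one jar entry, carrying that entry's own signers (or none). */
    static CodeSource codeSourceFor(Path jarPath, String entryName) throws IOException {
        URL jarUrl = jarPath.toUri().toURL();
        // verify=true makes JarFile check entry digests against the signed manifest.
        try (JarFile jar = new JarFile(jarPath.toFile(), true)) {
            JarEntry entry = jar.getJarEntry(entryName);
            if (entry == null) {
                throw new IOException("No such entry: " + entryName);
            }
            // getCodeSigners() returns null until the entry has been read to the end;
            // a modified signed entry throws SecurityException during this read.
            try (InputStream in = jar.getInputStream(entry)) {
                byte[] buf = new byte[8192];
                while (in.read(buf) != -1) {
                    // drain the stream so verification completes
                }
            }
            // Still null here for unsigned entries, e.g. a class appended after signing,
            // which is why the result is looked up per entry rather than per jar.
            CodeSigner[] signers = entry.getCodeSigners();
            return new CodeSource(jarUrl, signers);
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: SignedEntryCodeSource <jar> <entry-name>");
            System.exit(2);
        }
        CodeSigner[] signers = codeSourceFor(Paths.get(args[0]), args[1]).getCodeSigners();
        System.out.println(args[1] + ": "
                + (signers == null ? "unsigned" : signers.length + " signer(s)"));
    }
}
```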

@Player3324
Contributor

I'd change the system property to be a bit more about disabling jar signature loading.

At first glance the PR looks OK, but I need to have a closer look.
