Add packages signature (#999)

Add packages signature

Documentation/ReleasePlan.md

@@ -91,10 +91,23 @@ dotnet pack -c release /p:TF_BUILD=true /p:PublicRelease=true
   Successfully created package 'D:\git\coverlet\bin\Release\Packages\coverlet.collector.1.2.1.nupkg'.
   Successfully created package 'D:\git\coverlet\bin\Release\Packages\coverlet.collector.1.2.1.snupkg'.
 ```
+4) Sign the packages using SignClient tool https://www.nuget.org/packages/SignClient
 
-4) Upload *.nupkg files to Nuget.org site. **Check all metadata(url links, deterministic build etc...) before "Submit"**
+```powershell
+❯ SignClient "Sign" `
+>> --baseDirectory "REPO ROOT DIRECTORY\bin" `
+>> --input "**/*.nupkg" `
+>> --config "ROOT REPO DIRECTORY\eng\signclient.json" `
+>> --user "USER" `
+>> --secret "SECRET" `
+>> --name "Coverlet" `
+>> --description "Coverlet" `
+>> --descriptionUrl "https://github.com/coverlet-coverage/coverlet"
+```
 
-5) **On your fork**:
+5) Upload *.nupkg files to Nuget.org site. **Check all metadata(url links, deterministic build etc...) before "Submit"**
+
+6) **On your fork**:
 *   Align to master
 *   Bump version by one(fix part) and re-add `-preview.{height}`
 *   Create release on repo https://github.com/tonerdo/coverlet/releases using https://github.com/tonerdo/coverlet/blob/master/src/coverlet.core/coverlet.core.csproj assembly version

eng/signclient.json

@@ -0,0 +1,13 @@
+{
+    "SignClient": {
+      "AzureAd": {
+        "AADInstance": "https://login.microsoftonline.com/",
+        "ClientId": "c248d68a-ba6f-4aa9-8a68-71fe872063f8",
+        "TenantId": "16076fdc-fcc1-4a15-b1ca-32c9a255900e"
+      },
+      "Service": {
+        "Url": "https://codesign.dotnetfoundation.org/",
+        "ResourceId": "https://SignService/3c30251f-36f3-490b-a955-520addb85001"
+      }
+    }
+}