This week's most consequential incidents share a structural pattern that should make every security team uncomfortable: the infrastructure defenders rely on to establish trust — code-signing authoriti