Add MrTrust GUI and Gitea release build

scripts/Uninstall-MrTrust.ps1

@@ -0,0 +1,87 @@
+[CmdletBinding(SupportsShouldProcess)]
+param(
+    [string]$CertificatePath = ".\assets\certificates\MrSphay-LocalTrust-Root.cer",
+    [string]$PublisherCertificatePath = ".\assets\certificates\MrSphay-CodeSigning.cer",
+    [ValidateSet("CurrentUser", "LocalMachine")]
+    [string]$Scope = "CurrentUser",
+    [switch]$Force
+)
+
+$ErrorActionPreference = "Stop"
+
+function Resolve-FullPath {
+    param([Parameter(Mandatory)][string]$Path)
+
+    $executionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
+}
+
+function Test-IsAdministrator {
+    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
+    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
+    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+}
+
+if ($Scope -eq "LocalMachine" -and -not (Test-IsAdministrator)) {
+    throw "LocalMachine removal requires an elevated PowerShell session. Use -Scope CurrentUser or run as Administrator."
+}
+
+$resolvedCertificatePath = Resolve-FullPath $CertificatePath
+if (-not (Test-Path -LiteralPath $resolvedCertificatePath)) {
+    throw "Certificate file not found: $resolvedCertificatePath. Provide -CertificatePath to the public MrTrust certificate."
+}
+
+$rootCertificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($resolvedCertificatePath)
+if (-not $rootCertificate.Subject.StartsWith("CN=MrSphay", [System.StringComparison]::OrdinalIgnoreCase)) {
+    throw "Refusing to remove using an unexpected root certificate subject: $($rootCertificate.Subject)"
+}
+
+$resolvedPublisherCertificatePath = Resolve-FullPath $PublisherCertificatePath
+$publisherCertificate = $null
+if (Test-Path -LiteralPath $resolvedPublisherCertificatePath) {
+    $publisherCertificate = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($resolvedPublisherCertificatePath)
+    if (-not $publisherCertificate.Subject.StartsWith("CN=MrSphay", [System.StringComparison]::OrdinalIgnoreCase)) {
+        throw "Refusing to remove using an unexpected publisher certificate subject: $($publisherCertificate.Subject)"
+    }
+}
+
+$targets = @(
+    [pscustomobject]@{
+        Store = "Cert:\$Scope\Root"
+        Thumbprint = $rootCertificate.Thumbprint
+    }
+)
+
+if ($publisherCertificate) {
+    $targets += [pscustomobject]@{
+        Store = "Cert:\$Scope\TrustedPublisher"
+        Thumbprint = $publisherCertificate.Thumbprint
+    }
+}
+
+Write-Host "MrTrust will remove this certificate from scope '$Scope':"
+Write-Host "  Root subject:    $($rootCertificate.Subject)"
+Write-Host "  Root thumbprint: $($rootCertificate.Thumbprint)"
+if ($publisherCertificate) {
+    Write-Host "  Publisher subject:    $($publisherCertificate.Subject)"
+    Write-Host "  Publisher thumbprint: $($publisherCertificate.Thumbprint)"
+}
+Write-Host ""
+
+if (-not $Force) {
+    $answer = Read-Host "Type REMOVE to continue"
+    if ($answer -cne "REMOVE") {
+        Write-Host "Removal cancelled."
+        exit 1
+    }
+}
+
+foreach ($target in $targets) {
+    $matchingCertificates = Get-ChildItem -Path $target.Store | Where-Object Thumbprint -eq $target.Thumbprint
+    foreach ($matchingCertificate in $matchingCertificates) {
+        if ($PSCmdlet.ShouldProcess($target.Store, "Remove MrTrust certificate $($matchingCertificate.Thumbprint)")) {
+            Remove-Item -LiteralPath $matchingCertificate.PSPath
+        }
+    }
+}
+
+Write-Host "MrTrust certificate removed where present."