it does, both for macOS and Windows
it's non-trivial to do this with a deterministic build, because we can't exactly distribute the certificates to builders, who can be anyone
so we first do a non-codesigned build pass, then the people with the certificates sign their binaries using the appropriate signing tool, and upload the detached signature (for both platforms) to https://github.com/bitcoin-core/bitcoin-detached-sigs
these are subsequently attached in a final build pass
a lot of work for what is basically security theater, but as you found there's not really a choice with these platforms
We are also in a hard place at the moment because macOS now also requires a stapled notarization. There are open source tools for it that seem to work well, but they introduce a big rat tail of dependencies.
yes, Apple especially keeps heaping up requirements and new hoops for developers to jump through
"at least it's not as bad as for iOS"™
What is stapled notarization?
You send your binary to Apple and they do some checks before signing it. That’s what the “Apple checked this application and found no malware” prompt is.
Also, those signatures can be revoked or even blacklisted if required.