Digression to share some experience of code-signing:
The main author of PuTTY, Simon Tatham, has acquired a code-signing certificate as an individual (it was not possible to get one as an informal non-company team), but as I recall it was indeed quite a faff both on initial application and renewal (involving notaries and such), even with pretty good support from the certificate provider (who had reached out to donate the certificate). (Not to mention all the code-signing tooling, which I understand is pretty wretched to use, although PuTTY has its own peculiar requirements in that regard.)
Anyway, I mainly came here to say that code signing did not stop the false positives from AV software at all, so I don’t recommend going to the trouble of code-signing just for that reason. (There may be other good reasons.)