Not sure if this even still works, but there used to be this trick for the plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
(
source)
On that note, I was looking in the Notarizing process as well (thanks Apple for yet another hurdle) and am curious about the steps to take to do this with an application developed with Lazarus Pascal. This is what I found what Xojo users seem to be succesfull with, but may not fully applicable for Lazarus apps - I have not tested this yet.
1. Open the Application Loader developer tool in Xcode. Log in to your developer account and check the box to remember the login so a keychain entry is created. This allows you to skip entering your password in subsequent steps.
2. Code sign your app with the hardened runtime option (you may need entitlements if you are accessing any protected resources). For example:
$ codesign --force --options runtime --deep --sign "Developer ID Application: COMPANYNAME" MYAPP.app
3. Bundle the app into a signed DMG for distribution. Steps omitted.
4. Upload the signed DMG for notarization:
$ xcrun altool --notarize-app -f MYAPP.dmg --primary-bundle-id MYBUNDLEID -u MYAPPLEID -p @keychain:"Application Loader: MYAPPLEID"
5. A RequestUUID is returned. Periodically check the status of the notarization until it has completed:
$ xcrun altool --notarization-info REQUESTUUID -u MYAPPLEID -p @keychain:"Application Loader: MYAPPLEID"
6. When the notarization is complete, staple the ticket to the DMG:
$ xcrun stapler staple -v MYAPP.dmg
7. After installing your app, verify that it is notarized:
$ spctl -a -v /Applications/MYAPP.app
MYAPP.app: accepted
source=Notarized Developer ID