I have signed Mac applications which need to invoke scripts and executables stored inside! The key is that both the app and any scripts or dynamic libraries inside need to be signed (any executable code), and also uploaded to Apple's servers for notarization.
This project was very helpful in automating the process: GitHub - EddieCameron/notarize-app: Make and notarise a .app or .dmg outside of Xcode