Currently when running macdeployqt with one more -executable options and -codesign, it will embed @loader_path prefixed rpaths instead of @executable_path prefixed ones.

https://github.com/qt/qtbase/blob/dev/src/tools/macdeployqt/shared/shared.cpp#L1058
https://github.com/qt/qtbase/blob/dev/src/tools/macdeployqt/shared/shared.cpp#L961

Unfortunately this means that the copied Qt framework libraries will not be code-signed anymore, because the code skips signing libraries that start with @loader_path
https://github.com/qt/qtbase/blob/dev/src/tools/macdeployqt/shared/shared.cpp#L617

This can lead to issues on arm mac machines if the copied libraries have previously been signed, because macdeloyqt will call install_name_tool to modify the rpaths of the libs, and thus invalidate the previous signature.

This happens with the Qt libraries distributed by Homebrew, which are explicitly signed, albeit with an ad-hoc signature '-', which is not a linker ad-hoc signature!
See QTBUG-101695 and https://github.com/Homebrew/brew/issues/9082

We should consider signing all libraries that are copied into the bundle, regardless of whether their install name starts with @rpath @executable_path or @loader_path

Note this is distinct from QTBUG-100686 where macdeployqt does not copy libraries to the bundle. The current issue is about signing only.