by nishkalkashyap 2527 days ago
I would recommend code-signing the build before distributing.
2 comments

I'm not super familiar with code signing, but if alternatives are expensive, could OP maintain a checksum value on their download page rather than go with DigiCert or alternative services? Or does code-signing solve a different problem?
No. Code signing is very different. A checksum would only work for developers on Linux. Without a code-signing certificate, macOS would straight refuse to run the app and Windows will show an 'Unverified publisher' warning. Also, things like auto-updates do not work on either platform unless you code sign your binaries.
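As an added illustration of the checksum approach asked about above (this is not code from the thread or from the ananas-desktop project): a maintainer publishes a SHA256SUMS file next to the release and a downloader verifies against it. The file name and payload are constructed, and the script assumes GNU/BusyBox `sha256sum` is on the PATH. Note what it does and does not give you: it detects a corrupted or swapped download, but it is not a signature, so Gatekeeper and SmartScreen treat the binary exactly as before, and anyone who can alter the download page can alter the checksum as well.

```shell
#!/bin/sh
# Added example, not part of the thread: release checksum publish/verify.
# Assumes sha256sum (coreutils or BusyBox). Artifact names are constructed.
set -eu

# Maintainer side: write SHA256SUMS for every release artifact in a directory.
# The glob deliberately excludes SHA256SUMS itself.
publish_checksums() {
  dir=$1
  (cd "$dir" && sha256sum ./*.AppImage > SHA256SUMS)
}

# User side: return 0 only if every artifact listed in SHA256SUMS matches.
# sha256sum -c exits non-zero on any mismatch or missing file.
verify_checksums() {
  dir=$1
  (cd "$dir" && sha256sum -c SHA256SUMS >/dev/null 2>&1)
}

# Demonstration: a good download verifies, a modified one does not.
demo() {
  tmp=$(mktemp -d)
  printf 'constructed release payload\n' > "$tmp/ananas-desktop.AppImage"
  publish_checksums "$tmp"
  if verify_checksums "$tmp"; then
    echo "download intact"
  fi
  # Simulate a tampered or truncated download by appending a byte.
  printf 'x' >> "$tmp/ananas-desktop.AppImage"
  if verify_checksums "$tmp"; then
    echo "verification unexpectedly passed"
  else
    echo "tampering detected"
  fi
  rm -rf "$tmp"
}

demo
```

Because SHA256SUMS travels over the same channel as the binary, it only raises the bar if it is served from somewhere the attacker cannot reach (or is itself signed, e.g. with a PGP key users already trust); that is the gap a platform code-signing certificate closes, since the OS checks the signature against a CA it ships with rather than against something fetched from the download page.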
Thanks for your feedback, we will look for some affordable code-signing certificates. Any suggestions? By the way, here is the issue link: https://github.com/ananas-analytics/ananas-desktop/issues/61
I set up code signing for an Electron app relatively recently. The best option I could find was DigiCert. It really sucks that this stuff is necessary nowadays and not free, but it's not so bad.

That's for Windows - for Mac you'll also need an Apple developer account, afaik they're the only people who can issue certs.

EDIT: Whoa, I take that back. DigiCert has now gone up from $74/year to $474/year, which is crazy. I now also need a new certificate provider...

For Electron signing we use Tucows code signing certs (you need to register as a Tucows author for free), which are provided by Comodo for $140 for 2 years. Didn't have any issues besides getting a proper CI/CD process running.
There aren't any great options, but if it helps we (sqlitebrowser.org) went with Certum:

https://en.sklep.certum.pl/data-safety/code-signing-certific...

We chose the "Open Source Code Signing" option, with it being stored on a physical key fob thing (i.e. not "in the cloud"). Total cost, including the new key fob and the super expensive, week+ delay, mandatory postage (!), was around 135 Euro.

For my project (quarkjs.io), I went for https://comodosslstore.com . They have the cheapest certificates I could find (at ~75 USD), and they are also the only ones issuing certificates for individual developers.
I've submitted a response on GitHub.