constructing entitlements in the build step is convenient but requires
rebuilding everytime an entitlement is updated. This does not make logic
sense as signing is part of release and not the build step and can
potentially cause issues since we do not rebuild the entire tree on
each release making some entitlements become outdated.

We still keep sandboxdev entitlements as part of the build process as
this is not avoidable to produce local working sandbox entitlements
for debugging.