When signing .app package, the script first packs the folder into
a temporary tarfile and then uploads to the signing service. When
fetching the result back, we should download the logs into the location
of the original folder, not to the location of the temporary tarball.