I have not found one since the CA/BF voted to require hardware security modules for signing certificates. The cheapest option for an individual is via Microsoft, $10/month and a relatively painless identify verification lets you do cloud signing. They have enabled and disabled signups for the individual option, though, and it's unclear if it will be there permanently. Other options are ~$300/year and up. Also annoying is that Azure cloud signing works on GitHub Windows runners but not GitLab ones.

I’m not super familiar with windows code signing anymore but fewer people care about it on windows (because it isn’t required). It’s definitely a small hurdle to be sure but I think you’d really only lose out on enterprise users at that point. I think code signing might only matter if the installer is built in certain ways (i.e. it’s an exe instead of using an msi to install, if someone knows better please correct this).

If your target is enterprise users convince IT users of its value and they will eventually make exceptions in their orgs for it no matter what signed or not.