I have not found one since the CA/BF voted to require hardware security modules for signing certificates. The cheapest option for an individual is via Microsoft, $10/month and a relatively painless identify verification lets you do cloud signing. They have enabled and disabled signups for the individual option, though, and it's unclear if it will be there permanently. Other options are ~$300/year and up. Also annoying is that Azure cloud signing works on GitHub Windows runners but not GitLab ones.