Authenticode signing would be best, PGP signing would be the next best, at the very least a SHA512 hash to verify the authenticity of the executable would be great.

Unfortunately getting an Authenticode cert is not easy.
To get a meaningful cert for DriverStoreExplorer, we need a company/organization, which we don't have. Also, it costs money.

PGP signing is not that useful on Windows as people can't easily verify that (no builtin support on Windows).

Hash seems like a cheap solution. Need some change on build pipeline to produce the hash for it. Where should we publish the hash?

Comodo sells Authenticode certificates specifically for indivdual developers for $70-85 per year (depending on validity period.)
Another option is Certum at 70 euro per year

If you add a donate button to your github, I'll throw in $10. And no, I don't work for either of them lol.

https://shop.certum.eu/open-source-code-signing.html
https://comodosslstore.com/code-signing/comodo-individual-code-signing-certificate