Cannot run QT macOS app on another MacBook

A cross-platform QT application is built for macOS. This app works if I test this on the same machine. When I create a .dmg file, this also works on my machine. When I test this on another machine, I get the error:

You do not have permission to open the application "MYAPP".

How can I debug this to see what the problem is?

Steps I do to create the .dmg file:

Run qmake and make until I have MYAPP.app (release build)
binarycreator -c config/config.xml -p packages/ setup_MYAPP

This creates setup_MYAPP.app
codesign -s "Full common name of my Apple Distribution profile" setup_MYAPP.app

When I provide a meaningless name between quotes it throws an error, so I assume this went fine.
hdiutil create -format UDZO -srcfolder setup_MYAPP.app MYAPP.dmg

This creates MYAPP.dmg, and the installer refuses to run on another macbook.

Alternatively:

Run qmake and make until I have MYAPP.app (release build)
codesign -s "Full common name of my Apple Distribution profile" MYAPP.app
macdeployqt MYAPP.app/ -dmg -codesign="Full common name of my Apple Distribution profile" -appstore-compliant

This creates MYAPP.dmg, and the app refuses to run on another macbook.

Solution

OK, it seems the correct answer is "it's complicated".

I have not succeeded in creating an installer that I can share outside the MAC App Store. Apple has restricted this to the point at which I just give in to bureaucracy and to good looking but really extremely bad documentation.

Distribution outside the Mac App Store requires notarization since macOS 10.15.5: see https://developer.apple.com/news/?id=04102019a.
Notarization means signing the code and uploading it to Apple. Apple will perform some magic checks and list it in some internal database.
Notarization requires a Developer ID certificate: see https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution/resolving_common_notarization_issues#3087721 This is different from a certificate you need for app development and App Store distribution (Why, Apple, why?)
To obtain a developer ID certificate you need to fill in the form at https://developer.apple.com/contact/kext, which is the same form used to be able to write kernel extensions. Kernel extensions. (Why, Apple, why?)
When Apple does not respond to your form submission, you need to poke them a few times. And after they denied your request, you can poke all you want, they likely have set up a vertical classification rule immediately thereafter.

But, should you have been able to get your hands on a precious developer ID certificate, these seem to be the steps to follow to successfully notarize your app:

> security unlock-keychain -p PASSWORD !/Library/Keychains/login.keychain-db
> codesign --timestamp="http://timestamp.apple.com/ts01" --options runtime --verbose=3 --force --deep --sign "NAME OF CERTIFICATE" PATH/TO/APP.app
> xcrun altool -u USER_EMAIL -p APP_SPECIFIC_PASSWORD -notarize-app -t osx --primary-bundle-id INVENT_YOUR_OWN_UNIQUE_ID -f PATH/TO/APP.app

The last run will return another ID, of the form abcdef01-2345-6789-abcd-ef0123456789 and you can use that ID to follow up on your notarization request:

> xcrun altool -u USER_EMAIL -p APP_SPECIFIC_PASSWORD  --notarization-info abcdef01-2345-6789-abcd-ef0123456789

You will also get a mail with a link to the notarization results.

I didn't succeed in getting a go, and I'm giving in. I gave up. The next brave soul to run into this may be saved some time after reading this. Good luck, may you succeed where I failed!