What is the workflow for code signing an AppleScript applet for Catalina/Big Sur?

I have an applet which installs an add-in for Microsoft Office. It requires automation to send AppleEvents to the PowerPoint application in order to register the add-in with the app. Here's a simplified example:

Code Block
tell application "Microsoft PowerPoint"
display alert "bla bla bla"
end tell

I export this from the Script Editor as an Application, with Run Only enabled, and Don't Code Sign.

I then manually sign it in Terminal with these three commands:

Code Block
# strip quarantine and other extended attributes before sealing the bundle
xattr -cr "/users/username/documents/myApplet.app"
# sign with Developer ID and enable hardened runtime
codesign -f -s "Developer ID Application: bll bla bla" --options=runtime "/users/username/documents/myApplet.app"
# ask Gatekeeper whether it would accept the app
spctl --assess -vvv "/users/username/documents/myApplet.app"

Note: --options=runtime is required to set hardened runtime for notarization.

If I don't sign it, when I run the applet Gatekeeper prompts me to allow Apple events with the following message:

"myApplet" wants to control "Microsoft PowerPoint". Allowing control will provide access to documents and data in "Microsoft PowerPoint", and to perform actions within that app.
This script needs to control other applications to run

Don't Allow / OK

and when I click OK the applet runs, displaying the alert.

But after signing and running it, I get the following error:

Not authorised to send Apple events to Microsoft PowerPoint.
Not authorised to send Apple events to Microsoft PowerPoint.(-1743)

System Preferences shows the rule in the Automation tab with the checkbox ticked for myApplet / Microsoft PowerPoint.

If I then remove the signature with the following command, the applet works as normal again:

Code Block
codesign --remove-signature "/users/username/documents/myApplet.app"


What am I doing wrong?!

OK, so thanks to another developer, the answer is to specify the required automation permissions as entitlements in the code signing command:

Code Block
codesign -f --entitlements ents.plist -s etc.

And the plist file looks like this for AppleEvents:

Code Block
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "[domain redacted for post]/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.automation.apple-events</key>
<true/>
</dict>
</plist>

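The full workflow the thread arrives at, as an added example that is not code from the original post: write the Apple Events entitlements file, clear extended attributes, sign with Developer ID plus hardened runtime and the entitlement, then inspect the sealed entitlements and Gatekeeper's verdict. The applet path, the identity string and the entitlements file name are placeholders (assumptions), and the DOCTYPE line is omitted because codesign does not need it; xattr, codesign and spctl only exist on macOS, so the signing and verification steps are skipped when they are absent.

```shell
#!/bin/sh
# Added example, not code from the original post. Automates: strip xattrs,
# sign with Developer ID + hardened runtime + Apple Events entitlement, verify.
# APP, IDENTITY and ENTS below are placeholders (assumptions).

# Write the entitlements plist that lets a hardened-runtime app send Apple
# events. No DOCTYPE line is required for codesign to parse it.
write_apple_events_entitlements() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.automation.apple-events</key>
    <true/>
</dict>
</plist>
EOF
}

# Return 0 if the plist grants the Apple Events entitlement, 1 otherwise.
# Plain-text check: the key must be followed by <true/> on the next line.
has_apple_events_entitlement() {
    grep -A1 '<key>com.apple.security.automation.apple-events</key>' "$1" 2>/dev/null \
        | grep -q '<true/>'
}

# Return 0 if the applet's Info.plist carries NSAppleEventsUsageDescription,
# the string macOS shows in the Automation prompt ("This script needs to
# control other applications to run" in the post). Without it the prompt is
# never shown. Assumes an XML Info.plist, as Script Editor writes it.
has_usage_description() {
    grep -q 'NSAppleEventsUsageDescription' "$1/Contents/Info.plist" 2>/dev/null
}

sign_applet() {
    app="$1"; identity="$2"; ents="$3"
    # Quarantine and other xattrs would be sealed into the bundle, so clear them.
    xattr -cr "$app"
    # -f replaces any existing signature; --options runtime turns on hardened
    # runtime and --timestamp adds a secure timestamp (both needed for
    # notarization); --entitlements grants the Apple Events permission that
    # hardened runtime otherwise blocks (the -1743 error in the post).
    codesign -f -s "$identity" --options runtime --timestamp \
        --entitlements "$ents" "$app"
}

verify_applet() {
    app="$1"
    codesign --verify --strict --verbose=2 "$app"
    # Print the sealed entitlements so a missing key is caught here rather
    # than as a -1743 at run time (":-" prints them as XML on Catalina/Big Sur).
    codesign -d --entitlements :- "$app"
    spctl --assess --type execute -vv "$app"
    has_usage_description "$app" \
        || echo "warning: no NSAppleEventsUsageDescription in Info.plist" >&2
}

APP="${APP:-$HOME/Documents/myApplet.app}"                                   # placeholder
IDENTITY="${IDENTITY:-Developer ID Application: Example Corp (TEAMID1234)}" # placeholder
ENTS="${ENTS:-${TMPDIR:-/tmp}/apple-events.entitlements}"                   # placeholder

write_apple_events_entitlements "$ENTS"
has_apple_events_entitlement "$ENTS" || { echo "entitlements file is wrong" >&2; exit 1; }

if command -v codesign >/dev/null 2>&1 && [ -d "$APP" ]; then
    sign_applet "$APP" "$IDENTITY" "$ENTS"
    verify_applet "$APP"
else
    echo "codesign not available or $APP missing; entitlements written to $ENTS"
fi
```

Run it on the Mac holding the Developer ID certificate with `APP=... IDENTITY=... sh sign-applet.sh`; the `codesign -d --entitlements` output is the check worth keeping in a build script, because an applet signed without the key still shows a ticked box in the Automation pane while every Apple event is refused.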
