How can I code sign a bundled executable file in a mac app using xcode5

Question 1

I resolved this issue in the following manner:

1) the .plist file was missing the inherit key, so I modified it thus:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
    </dict>
</plist>

that on its own won't do the job, to actually code sign the file I did the following:

archive the app
open xCode's Organizer window
right-click on the archive and select 'Show in Finder' to get its location
With Terminal.app, navigate to its location and then inside the app bundle /Contents/Resources/
Run the following command:

codesign -f -s "$YOUR_CERTIFICATE_HERE" --entitlements "$THE_ENTITLEMENTS_PLIST" "$THE_EXECUTABLE"

for $YOUR_CERTIFICATE_HERE use your 3rd Party Mac Developer Application certificate

Once this is done, the app should upload to iTunes Connect and you will be able to see the relevant code signing information under the 'Binary Details' section.

Question 2

@dmid's answer is correct and works.

But it could be simpler. Let's say the executable is myexe:

create myexe.entitlements file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.inherit</key>
        <true/>
</dict>
</plist>

Run command:

codesign -f -s "$YOUR_CERTIFICATE_HERE" --entitlements "myexe.entitlements" "myexe"

Done!