The codesign command has been installed since 10.6, may even be older. It’s the codesign_allocate that is no longer installed without Xcode. This allows code signatures to be verified.
Agreed, we grab the codesignature when someone asks for support, if someone contacts me with a different code signature or none at all, I assume that I don’t need to prioritize their support as chances are they’ve ripped me off.
We certainly receive less support from cracked versions now-a-days, but at the height of one products sales, I’d get people asking for features and help at least once a week (from a cracked version). My first reply would be that the application appears to be compromised and they need to download a fresh copy, 9 times out of 10 the conversation never went further.