When the app is built just for a friend then you don’t really have to go through the hoops to get your software codesigned. On Windows it’s not the end of the world the way it is on Mac.
However, if you desire to codesign your Windows application you certainly can. The current most cost efficient way is to use Azure Trusted Signing which a number of Xojo users have been investigating and writing about.
Another method is to purchase a code signing certificate from a well known reseller or authority. After a lengthy identity verification you will get a USB key shipped to you that you can sign with. The tools for automation vary by type of USB key. I used SSL.com who issue a YubiKey and instructions for signing with a YubiKey can be found in this thread.
Code signing is optional on Windows at the time of writing. On the “Windows protected your PC” screen your friend can click the “More info” link-text to reveal a “Run Anyway” button.