It is my understanding that, at this time, it is not possible to notarize a flat package signed with a Developer ID Installer certificate and the workflow for signing installers has not changed in macOS 10.14 Mojave. Is this correct?
Along these lines, is there any reason to notarize an app which is only ever deployed via a signed installer package, given that gatekeeper checks only files with the quarantine bit set?