If you have a consulting firm you can get an EV. Yes about $1000/year.
Yes it is on a token so it can't be easily shared or stolen. Or if stolen you'll be aware of the fact so you can have it cancelled and get a replacement.
You can login to the token once and then have automated builds that run signtool against it repeatedly. It is still painful as the request/answer from the token is slow, takes a second or two extra to sign anything. So if you are doing multiple signing during your build it will slow down.
It is possible to arrange ssh access (cygwin) into a dedicated windows 10 server that can then doing signing with signtool from the token. So it can be shared to that extent.