I found a workaround, though it's not ideal: Add an NSAppTransportSecurity exception in my Info.plist, allowing insecure loads for the domain I'm downloading from.

Once the account owner agreed to the Paid Applications Schedule, notarization worked again. Notarization could certainly be made more user-friendly.

When I log in to App Store Connect, I see a notice about "Review the updated Paid Applications Schedule." I wouldn't have thought that something about paid applications should affect notarization, but I bet this is the problem.