I ran into this issue as well and was unable to find an answer that I was happy with. You can edit the registry to get the application to install, but that is not a reasonable deployment strategy and the registry settings are there to do exactly what they are doing. Prevent unauthorized click once applications from being installed.
We have a code signing certificate that we use to sign our custom applications. When I got the error the first time we noticed that the Publisher was not populated correctly. We had to correct how the signing certificate was used in the project and recompile. I still got the error, but the publisher information was correct this time.
If I click on the publisher hyper link it prompted me to install the code signing certificate.
You have the choice to store the cert in the Current User or Local Machine stores. If the app is specific to just one user then the Current User store is fine. Each user opening the application for the first time on each machine would have to go through this process. If all users using the machine would need the application then I would opt for Local Machine. You do need administrative rights to install the cert in the Local Machine store.
When installing the cert it gives you the option for Windows to choose where the cert goes or you can force it to place the cert in a specific store. I tried the automatic option first which did not work. It put the cert in the Other People store. I repeated the process and forced the cert into the Trusted Publishers store and then the application was able to open. I did not experiment with publishing the cert to other stores.
My trust manager prompting level registry settings remain disabled.
We proactively deploy our code signing certificate to the Local Machine Trusted Publisher store on all appropriate corporate workstations so that our in-house click once apps work for our employees. If you are creating apps for customers outside of your organization you will probably want to get a third party code signing cert. We only use our apps internal to our network so we used our internal certificate authority to create our code signing cert.