Adding on to this, spctl --master-disable will turn off gatekeeper completely, which I would recommend against, because you shouldn't trust your users to install only safe applications.
Instead you could create a postinstall script after your policy payload xattr -rd com.apple.quarantine /path/to/file
Not only will this remove the "App cannot be run because the developer is unidentified" but it should also suppress the "This is an app downloaded from the internet" prompt. Additionally, if you are building packages yourself instead of distributing the DMG, you can remove the quarantine before bundling the app with the package, then when it's downloaded from Self Service, the Gatekeeper prompt should be suppressed because there is no quarantine attribute.
