I write software that is used by a company whose computers are protected with Avast Endpoint Protection. The software consists mainly of Microsoft .NET desktop programs deployed to a server on their LAN using Microsoft’s “ClickOnce” mechanism through Visual Studio.
This is not publicly distributed software where a public “reputation for safety” would be possible. The software is for their internal use only.
With each new version we put up on the server for desktop installation, Avast does a thorough evaluation of the installation package, and sometimes the EXE ends up quarantined. New features are added each day or even several times a day, depending on how urgently a feature is needed. So we are looking for ways to streamline the Avast threat analysis, or even to bypass it.
So I was wondering if we were to purchase a “code-signing certificate” from a bona-fide certificate authority, and sign the software package using that certificate, whether that could cause Avast to ease up on its threat analysis. Would it be worth our while to spend the money on such a certificate, in terms of getting Avast to recognize these programs as posing no threat?