ER: Add support for changing arbitrary keychain passwords on password change

NoMAD would take an array of keychain item names from the preference files.

On first change of the password in NoMAD it would ask the user for permission to add NoMAD to the ACL for each of those keychain entries, and then ensure the keychain entry password is the same as the password that was just used to login via NoMAD. On subsequent password changes, NoMAD would already have access to the keychain items, so no user interaction would be required.

All of this will be done via the SecKeychain APIs to keep the passwords off of the disk, out of the process history and away from prying eyes.

Initial work done in feature branch. Need to dig into how to identify all keychain items we care about. Currently we take a list of services and then look in the keychain for service entries that match the users UPN. This doesn't cover all items however.

Hey Joel. I have one Question. When comes the update for NoMad. That i can update other Keychainentries after password change (AD). Thanks Greets Flo

Joel, Florian came to me on Slack with the question on how to update application passwords in the keychain after updating AD password using NoMAD.

I thought it already did that, but then I found this, which seems to be exactly what he asks for. I told him to ask you here.