feat: added support for reading certificates from macOS system store

[timja]

Fixes #39657

Builds on #44532 but for macOS

TODO:

• Make it work, it works 🥳
• Review that all CF resources are being appropriately released, I think its right now
• Review whether and where tests are appropriate - Added although disabled by default

I can take a look at the Windows one after, resolving the conflicts and addressing the review comments as well.

---

Happy to refactor heavily, I haven't used c++ before and I wrote it initially in objective c and ported it across.
This is heavily based upon chromium and some of OpenJDK along with a PR I have open with OpenJDK

---

Testing

I'm using https://github.com/timja/openjdk-intermediate-ca-reproducer as a reproducer:

docker compose up --build

Install the certificates, either by adding to keychain manually (see README) or using /usr/bin/security (see what the test is doing in this PR.

main.js

let resp = await fetch("https://localhost:8443");
console.log(resp.status); // 200
console.log(resp.headers.get("Content-Type")); // "text/html"
console.log(await resp.text()); // "Hello, World!"

/Users/$USER/projects/node/out/Release/node --use-system-ca main.js

I've also tested this through a ZScaler MiTM setup.