
Conversation

@jseibert

This PR adds support for keys managed by the SecureEnclave on iOS/macOS:

```swift
import CryptoKit
import JWTKit

// Any JWTPayload works here; this minimal one is assumed for the snippet.
struct Payload: JWTPayload { var sub: SubjectClaim; func verify(using: some JWTAlgorithm) async throws {} }
let payload = Payload(sub: "user-1")
let privateKey = try SecureEnclave.P256.Signing.PrivateKey() // throws when no Secure Enclave is present
let keys = JWTKeyCollection()
await keys.add(ecdsa: ES256EnclavePrivateKey(backing: privateKey))
let jwt = try await keys.sign(payload)
print("JWT:", jwt)
```

I would love feedback on approach. This was the minimal set of changes I was able to make to add support to the existing library structure.

@jseibert jseibert requested a review from ptoffy as a code owner October 22, 2025 12:24
@codecov

codecov bot commented Oct 22, 2025

Codecov Report

❌ Patch coverage is 0% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.43%. Comparing base (ed0532b) to head (6192a35).

Files with missing lines Patch % Lines
Sources/JWTKit/ECDSA/ECDSAEnclaveSigner.swift 0.00% 22 Missing ⚠️
Sources/JWTKit/ECDSA/ECDSA.swift 0.00% 9 Missing ⚠️
Sources/JWTKit/ECDSA/JWTKeyCollection+ECDSA.swift 0.00% 8 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #235      +/-   ##
==========================================
- Coverage   83.55%   81.43%   -2.13%     
==========================================
  Files          57       58       +1     
  Lines        1496     1535      +39     
==========================================
  Hits         1250     1250              
- Misses        246      285      +39     
Files with missing lines Coverage Δ
Sources/JWTKit/ECDSA/ECDSAKeyTypes.swift 100.00% <ø> (ø)
Sources/JWTKit/ECDSA/P256+CurveType.swift 100.00% <ø> (ø)
Sources/JWTKit/ECDSA/JWTKeyCollection+ECDSA.swift 50.00% <0.00%> (-50.00%) ⬇️
Sources/JWTKit/ECDSA/ECDSA.swift 74.60% <0.00%> (-12.44%) ⬇️
Sources/JWTKit/ECDSA/ECDSAEnclaveSigner.swift 0.00% <0.00%> (ø)

@0xTim
Member

0xTim commented Oct 22, 2025

@jseibert is the aim to add support for Apple platforms?

Assuming that's the case, there are a few things here. Number one, any mention of the Secure Enclave needs to be gated behind availability checks since it's not available on non-Apple platforms. Second, we can't break the API by changing protocols etc. It should be its own standalone type.

@0xTim
Member

0xTim commented Oct 22, 2025

Oh, and if we're adding it for P256 we should add it for all of them

@jseibert
Author

Yes, correct! Good call, I will put it behind platform checks.

I can definitely undo the changes to ECDSAPrivateKey - is there anything else that strikes you as a red flag?

It turns out SecureEnclave ONLY supports P256 -- I actually went and tried to add it for all of them before fully reading the docs, but that's the only one exposed, so this is the full implementation.

One other note for you: I was stuck trying to figure out how to write tests for this. They obviously won't run on other platforms, and they really won't run on a Mac either because the key is going to be different on every machine: you can't instantiate a SecureEnclave key with a known value. Let me know if you have any ideas.

@0xTim
Member

0xTim commented Oct 30, 2025

@jseibert not overly, most of it should be pretty similar to existing keys, we just need availability checks and to make sure we don't break the public API.

In terms of testing, we can run the tests by wrapping them in the same availability checks as the code, since we run the tests on macOS and iOS. In terms of how to test, we can create a key and then run through the full signing and verification flow with it, testing both success and failure to make sure it all works.

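The test shape discussed above (gate on availability, generate a key, sign, verify, and check that verification fails when it should), written out as an added example. This is not code from the PR or from JWTKit: it uses only CryptoKit and Foundation, builds the ES256 JWT by hand instead of going through `JWTKeyCollection`, and the names `EnclaveES256`, `roundTrip`, `b64url` and the claims payload are assumptions of the example. The `#if canImport(CryptoKit)` guard makes the whole block compile to nothing on Linux, and `SecureEnclave.isAvailable` handles Apple machines that have no enclave (simulators, older Intel Macs), which is where a test should `XCTSkip` rather than fail.

```swift
// Added example, not part of the PR or JWTKit. Assumes CryptoKit + Foundation only.
#if canImport(CryptoKit)
import CryptoKit
import Foundation

@available(macOS 10.15, iOS 13.0, watchOS 6.0, tvOS 13.0, *)
enum EnclaveES256 {
    // JWT uses base64url without padding (RFC 7515 section 2).
    static func b64url(_ data: Data) -> String {
        data.base64EncodedString()
            .replacingOccurrences(of: "+", with: "-")
            .replacingOccurrences(of: "/", with: "_")
            .replacingOccurrences(of: "=", with: "")
    }

    static func b64urlDecode(_ s: String) -> Data? {
        var t = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
        while t.count % 4 != 0 { t += "=" }
        return Data(base64Encoded: t)
    }

    /// Signs header.payload with the enclave key. ES256 expects the raw 64-byte
    /// r||s form, which is `rawRepresentation`, not the DER form CryptoKit also offers.
    static func sign(claims: Data, with key: SecureEnclave.P256.Signing.PrivateKey) throws -> String {
        let header = Data(#"{"alg":"ES256","typ":"JWT"}"#.utf8)
        let signingInput = b64url(header) + "." + b64url(claims)
        let sig = try key.signature(for: Data(signingInput.utf8))
        return signingInput + "." + b64url(sig.rawRepresentation)
    }

    /// Verifies with the exportable public half; the private key never leaves the enclave.
    static func verify(_ jwt: String, with publicKey: P256.Signing.PublicKey) -> Bool {
        let parts = jwt.split(separator: ".", omittingEmptySubsequences: false).map(String.init)
        guard parts.count == 3,
              let rawSig = b64urlDecode(parts[2]),
              let sig = try? P256.Signing.ECDSASignature(rawRepresentation: rawSig)
        else { return false }
        let signingInput = Data((parts[0] + "." + parts[1]).utf8)
        return publicKey.isValidSignature(sig, for: signingInput)
    }

    /// The flow a test would drive: one success path and the failure paths that matter.
    /// Returns false (rather than throwing) when the machine has no enclave, so the
    /// caller can skip instead of fail.
    static func roundTrip() throws -> Bool {
        guard SecureEnclave.isAvailable else { return false }

        // Key material is generated inside the enclave and cannot be seeded with a
        // known value, so every run uses a fresh key and asserts on behaviour, not bytes.
        let key = try SecureEnclave.P256.Signing.PrivateKey()
        let claims = Data(#"{"sub":"user-1","exp":4102444800}"#.utf8) // constructed payload

        let jwt = try sign(claims: claims, with: key)
        precondition(verify(jwt, with: key.publicKey), "valid token must verify")

        // Failure 1: payload swapped under an unchanged signature.
        var parts = jwt.split(separator: ".").map(String.init)
        parts[1] = b64url(Data(#"{"sub":"admin","exp":4102444800}"#.utf8))
        precondition(!verify(parts.joined(separator: "."), with: key.publicKey), "tampered token must fail")

        // Failure 2: untouched token checked against a different enclave key.
        let other = try SecureEnclave.P256.Signing.PrivateKey()
        precondition(!verify(jwt, with: other.publicKey), "wrong key must fail")

        // Persistence: the only thing that survives a restart is the opaque
        // dataRepresentation, which is bound to this device's enclave.
        let reloaded = try SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: key.dataRepresentation)
        precondition(verify(jwt, with: reloaded.publicKey), "reloaded key must verify")
        return true
    }
}
#endif
```

Two points worth keeping in mind when adapting this to a JWTKit test: the library's verify path will reject a token whose signature is DER-encoded rather than raw r||s, so a wrapper type must hand JWTKit `rawRepresentation`; and because the key cannot be constructed from a fixture, a test can only assert that signing with the enclave key produces a token the matching public key accepts and that mismatched keys or tampered payloads are rejected, never that a specific token string is produced.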