Fix adding certificates with empty password to keychain on macOS 15.1

[priitlatt]

This is a continuation of #428

On macOS 15.1 security import -f pkcs12 fails when trying to import PKCS#12 containers that have been exported from Keychain Access using empty passphrase:

% security import certificate.p12 -f pkcs12 -k kc.keychain-db -P '' -T /usr/bin/codesign -T /usr/bin/productsign                                            
security: SecKeychainItemImport: The user name or passphrase you entered is not correct.

Importing the same container with OpenSSL format specifier using -f openssl option is successful.

Updated actions:

• keychain add-certificates

[priitlatt]

QA notes

I tested it using two PKCS#12 containers containing the same certificate. Both were exported from Keychain Access with empty password - one on macOS 14.7 and the other on macOS 15.1. The following workflow was used for testing in Codemagic:

codemagic.yaml

workflows:
  add-certificates:
    inputs:
      certificate_name:
        description: Certificate name
        type: choice
        options:
          - certificate-macos-14-7-export.p12
          - certificate-macos-15-1-export.p12
      xcode:
        description: Xcode version
        type: choice
        default: latest
        options: [latest, 16.2, 16.1, 16.0, 15.4, 15.3, 15.2, 15.1, 15.0]
    environment:
      xcode: "${{ inputs.xcode }}"
    scripts:
      - python -m pip install --upgrade https://github.com/codemagic-ci-cd/cli-tools/archive/refs/heads/bugfix/keychain-add-certificates-on-macos-15-1.zip
      - keychain --version
      - keychain initialize
      - keychain add-certificates --certificate ${{ inputs.certificate_name }} --verbose
      - keychain list-certificates | jq

Both certificates were successfully added to keychain regardless of Xcode and macOS (14.7, 15.0 and 15.1) versions.

[fran-tirapu]

LGTM