Archiving is the standard way to build a release for distribution using
Xcode. package.sh now uses this option when it creates a release
package.
This change is mainly to keep the Run settings in the Xcode schemes from
affecting the release builds, which means we can commit the schemes with
more sensible settings.
Also, disable AddressSanitizer in the BGMDevice scheme, which was
stopping coreaudiod from launching because its sandbox won't allow the
process to load the AddressSanitizer dylib.
Packages built with package.sh should now be byte-identical except for
timestamps in Assets.car (in BGMApp resources) and modification dates in
the package's Bom file, if built with the same version of Xcode.
Hopefully this will be enough to allow builds to be reproduced, with a
bit of effort.
BGMXPCHelper's install script now creates a user and group for
BGMXPCHelper to run as. This reduces the risk of BGMXPCHelper being used
for privilege escalation.
The "install" action for BGMXPCHelper now checks the owner/permissions
of the installation directory. It also installs BGMXPCHelper's
launchd.plist and "bootstraps" it.
