fix(signing): remove entitlements which I believe caused the app to not launch

The list of additional entitlements have been picked mostly on a
best-guess basis of what's reasonable.

pkg/sign/entitlements.go

@@ -11,11 +11,14 @@ import (
 // DefaultEmacsEntitlements is the default set of entitlements application
 // bundles are signed with if no entitlements are provided.
 var DefaultEmacsEntitlements = []string{
-	"com.apple.security.cs.allow-jit",
+	"com.apple.developer.mail-client",
-	"com.apple.security.network.client",
+	"com.apple.developer.web-browser",
-	"com.apple.security.cs.disable-library-validation",
-	"com.apple.security.cs.allow-dyld-environment-variables",
 	"com.apple.security.automation.apple-events",
+	"com.apple.security.cs.allow-dyld-environment-variables",
+	"com.apple.security.cs.allow-jit",
+	"com.apple.security.cs.disable-library-validation",
+	"com.apple.security.network.client",
+	"com.apple.security.network.server",
 }
 
 //go:embed entitlements.tpl

pkg/sign/entitlements_test.go

@@ -47,11 +47,14 @@ var entitlementsTestCases = []struct {
 	{
 		name: "many",
 		entitlements: Entitlements{
-			"com.apple.security.cs.allow-jit",
+			"com.apple.developer.mail-client",
-			"com.apple.security.network.client",
+			"com.apple.developer.web-browser",
-			"com.apple.security.cs.disable-library-validation",
-			"com.apple.security.cs.allow-dyld-environment-variables",
 			"com.apple.security.automation.apple-events",
+			"com.apple.security.cs.allow-dyld-environment-variables",
+			"com.apple.security.cs.allow-jit",
+			"com.apple.security.cs.disable-library-validation",
+			"com.apple.security.network.client",
+			"com.apple.security.network.server",
 		},
 		//nolint:lll
 		want: undent.String(`
@@ -59,15 +62,21 @@ var entitlementsTestCases = []struct {
             <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
             <plist version="1.0">
               <dict>
-                <key>com.apple.security.cs.allow-jit</key>
+                <key>com.apple.developer.mail-client</key>
                 <true/>
-                <key>com.apple.security.network.client</key>
+                <key>com.apple.developer.web-browser</key>
                 <true/>
-                <key>com.apple.security.cs.disable-library-validation</key>
+                <key>com.apple.security.automation.apple-events</key>
                 <true/>
                 <key>com.apple.security.cs.allow-dyld-environment-variables</key>
                 <true/>
-                <key>com.apple.security.automation.apple-events</key>
+                <key>com.apple.security.cs.allow-jit</key>
+                <true/>
+                <key>com.apple.security.cs.disable-library-validation</key>
+                <true/>
+                <key>com.apple.security.network.client</key>
+                <true/>
+                <key>com.apple.security.network.server</key>
                 <true/>
               </dict>
             </plist>`,
@@ -78,11 +87,14 @@ var entitlementsTestCases = []struct {
 func TestDefaultEmacsEntitlements(t *testing.T) {
 	assert.Equal(t,
 		[]string{
-			"com.apple.security.cs.allow-jit",
+			"com.apple.developer.mail-client",
-			"com.apple.security.network.client",
+			"com.apple.developer.web-browser",
-			"com.apple.security.cs.disable-library-validation",
-			"com.apple.security.cs.allow-dyld-environment-variables",
 			"com.apple.security.automation.apple-events",
+			"com.apple.security.cs.allow-dyld-environment-variables",
+			"com.apple.security.cs.allow-jit",
+			"com.apple.security.cs.disable-library-validation",
+			"com.apple.security.network.client",
+			"com.apple.security.network.server",
 		},
 		DefaultEmacsEntitlements,
 	)