Nested frameworks

[dvc94ch]

fixes handling of shallow frameworks and finding more than one nested bundle. closes #538

however signing is still broken, fails rcodesign verify and on device verification:

rcodesign verify Flutter
@0: slot digest contains digest for slot not in signature: Rep Specific (6) with digest ed08daa3727ece38a0c509f60000000000000000000000000000000000000000
@0: slot digest mismatch for slot RequirementSet (2); recorded digest 53cd89dc795d06ab3e3cca57e4d5f4d1de0efabbc47dfe2cbd6235a9038a795b, actual e4d5f4d1de0efabbc47dfe2cbd6235a9038a795bf2693c1993c07883c3dfe81e
@0: slot digest mismatch for slot DER Entitlements (7); recorded digest 004e355035565739414a470015eae66996eb7ce078fd8ef6afa747958ea55a45, actual 15eae66996eb7ce078fd8ef6afa747958ea55a45ed08daa3727ece38a0c509f6
@0: slot digest mismatch for slot Entitlements (5); recorded digest 000000000000000000000000b5eefc878df50f951bdacabc82f06ade674f4798, actual b5eefc878df50f951bdacabc82f06ade674f47986cfc800f2792d67d71234c5a
@0: slot digest contains digest for slot not in signature: Application (4) with digest 6cfc800f2792d67d71234c5a0000000000000000000000000000000000000000
@1: slot digest mismatch for slot DER Entitlements (7); recorded digest 004e355035565739414a470015eae66996eb7ce078fd8ef6afa747958ea55a45, actual 15eae66996eb7ce078fd8ef6afa747958ea55a45ed08daa3727ece38a0c509f6
@1: slot digest contains digest for slot not in signature: Rep Specific (6) with digest ed08daa3727ece38a0c509f60000000000000000000000000000000000000000
@1: slot digest contains digest for slot not in signature: Application (4) with digest 6cfc800f2792d67d71234c5a0000000000000000000000000000000000000000
@1: slot digest mismatch for slot RequirementSet (2); recorded digest 53cd89dc795d06ab3e3cca57e4d5f4d1de0efabbc47dfe2cbd6235a9038a795b, actual e4d5f4d1de0efabbc47dfe2cbd6235a9038a795bf2693c1993c07883c3dfe81e
@1: slot digest mismatch for slot Entitlements (5); recorded digest 000000000000000000000000b5eefc878df50f951bdacabc82f06ade674f4798, actual b5eefc878df50f951bdacabc82f06ade674f47986cfc800f2792d67d71234c5a
Error: problems reported during verification

[indygreg]

The break -> continue fixes a logic bug.

But the framework plist change is not correct: https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPFrameworks/Concepts/FrameworkAnatomy.html says that frameworks must have a Resources directory and the Info.plist is within that.

There are a few other reasons frameworks aren't currently signing correctly:

• Each directory under Versions/ needs to be signed as of it is its own bundle.
• The code directory in frameworks appears to be using SHA-1 and an alternate code directory slot is used to record the SHA-256 digests. Why things are this way, I do not know. I'm not sure sure if codesign even allows SHA-256 in the primary code directory.
• Symlinks in frameworks aren't getting preserved properly.
• The top-level directory of versioned frameworks isn't getting ignored by bundle signing like it should be.
• And probably a few more things that I'm forgetting.

My goal for the weekend is to get frameworks signing correctly.