CBL-7156 : Fix iOS cert chain deletion to handle self-signed roots and ensure safe removal

Problem:

In version 3.3.0, we enhanced the TLSIdentity API to support creating identities signed by an issuer. These identities include a certificate chain (leaf + root), all saved into the Keychain. However, when deleting the identity using the persistent label, only the leaf certificate was removed — the root or intermediate certs remained.

The root cause is that the deletion logic in Cert::deleteCert(const std::string &persistentID) relies on checking whether a certificate is an issuer for other certs. Basically, this check skips deleting certificates with multiple children. However, it doesn’t account for self-signed root certs, which are their own issuers, resulting in the root cert not being deleted.

Fixes

* Updated the deletion logic to correctly handle and delete self-signed root certificates.

* To prevent accidental deletion of unrelated certs, we now assign a shared label (kSharedCertLabel) to all non-leaf certificates saved via LiteCore. During deletion, we verify this label to ensure only certs saved by LiteCore are removed.

* In addition, remove the obsolete codes in PublicKey+Apple.mm that supports macOS < 12.0 and iOS < 15.0 (in 3.3.0, we support macOS 12.0+ and iOS 15.0+).

Author: pasin