I've just been reading the slides from Wojciech Reguła's talk "Abusing and Securing XPC in macOS Apps" (https://objectivebythesea.com/v3/talks/OBTS_v3_wReguła.pdf).
He has provided https://github.com/securing/SimpleXPCApp as a secure example of an XPC helper.
There are a few items in his example that I think should be included in this project, since this has been around longer and I suspect many people have used this as a foundation in their apps, e.g.:
- SecCodeCopyGuestWithAttributes should not validate using the PID
- the signing requirements should include bundle identifier and minimum version
Unfortunately I feel unqualified to create a PR for this so thought I'd raise the issue here and see what others think.
Related, my earlier issue regarding security: #22
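
An added illustration of the two points raised in this issue, not code from this project or from SimpleXPCApp: the helper looks the client up by audit token (`kSecGuestAttributeAudit`) instead of PID and checks it against a requirement that pins bundle identifier, team and minimum version. The bundle identifier, team ID, version and the function names are hypothetical, and the example assumes the helper already holds the connecting client's `audit_token_t` as `Data`.

```swift
import Foundation
import Security

// Hypothetical values for illustration; substitute the real client's details.
let clientBundleID = "com.example.MainApp"   // assumed bundle identifier
let clientTeamID = "TEAMID1234"              // placeholder team identifier
let clientMinimumVersion = "1.2.0"           // assumed first version allowed to connect

/// Builds a code signing requirement that pins the client's identity:
/// Apple-issued certificate chain, bundle identifier, team, and minimum version.
func clientRequirementText() -> String {
    return [
        "anchor apple generic",
        "identifier \"\(clientBundleID)\"",
        "certificate leaf[subject.OU] = \"\(clientTeamID)\"",
        "info [CFBundleShortVersionString] >= \"\(clientMinimumVersion)\""
    ].joined(separator: " and ")
}

/// Returns true only if the process identified by `auditToken` satisfies the
/// requirement above. The audit token identifies one specific process, whereas
/// a PID can be reused by a different process between connection and check.
func isAcceptedClient(auditToken: Data) -> Bool {
    let attributes = [kSecGuestAttributeAudit as String: auditToken] as CFDictionary

    // Resolve the running code object for the client from its audit token.
    var code: SecCode?
    guard SecCodeCopyGuestWithAttributes(nil, attributes, [], &code) == errSecSuccess,
          let clientCode = code else {
        return false
    }

    // Compile the textual requirement.
    var requirement: SecRequirement?
    guard SecRequirementCreateWithString(clientRequirementText() as CFString, [], &requirement) == errSecSuccess,
          let clientRequirement = requirement else {
        return false
    }

    // Validate the client's signature against the requirement; reject on any error.
    return SecCodeCheckValidity(clientCode, [], clientRequirement) == errSecSuccess
}
```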