Roadmap: hosted macOS CI runner for Swift broker end-to-end tests

[jmcte]

Context

docs/NATIVE_ONLY_REDESIGN.md line 227 notes that "the macOS build cannot be exercised from CI on Linux." Today the Swift broker (native-app/Sources/NativeAppLib/AuthenticationServicesBroker.swift) is only validated through BrokerCoreTests with a StubCredentialBroker. The actual ASAuthorizationController path is not exercised in CI.

Issue #40 is already open for Extended Validation OpenSSL/pkg-config issues on the macOS runner — that's a related but narrower bug. This roadmap item is broader: stand up a macOS runner with the build/test matrix needed to exercise the real broker, signing, and notarization pre-flight on every PR (or a nightly cadence).

Proposed Fix

• Provision a self-hosted macOS runner (or evaluate GitHub-hosted macos-latest for cost/throughput).
• Add a workflow (or extend extended-validation.yml) that runs xcodebuild against native-app/, executes the Swift test suite, and exercises the Rust+Swift IPC contract end-to-end against a debug-signed bundle.
• Gate notarization-pre-flight checks (codesign verify, entitlements diff) here rather than only at release time.

Acceptance criteria

• CI runs xcodebuild test against native-app/ on every PR or nightly, with results reported.
• At least one E2E test exercises the real ASAuthorizationController path against a stub identity provider.
• Codesign + entitlements diff runs as a CI gate before tag.
• Coordinated with Fix Extended Validation OpenSSL/pkg-config setup on macOS runner #40 (OpenSSL/pkg-config provisioning) and Feature: add Apple notarization step to release CI pipeline #7 (notarization).