Is this going to affect accessing values set using older versions of Valet

Good catch! I've added a commit that adds this field when setting a value, but doesn't require it when reading values out of the keychain.

Note that I've run all macOS tests locally in a signed environment, and they are passing with this latest update. These tests include our tests that Legacy Valet instances can write values that current Valet instances can read. Given that those are passing, I think we're good to go.

Would love to get this fix into a release so that Mac apps can recover from this issue. Can I get another review?

Based on testing, it appears that SecItemAdd is the only place where the kSecUseDataProtectionKeychain property validation is currently occurring. There is some potential for the future appearance of data loss here - specifically if Apple begins to enforce that kSecUseDataProtectionKeychain be included when utilizing SecItemDelete and SecItemCopyMatching as described in the documentation. In this case, items could be written to the Valet, but not read or deleted from it. The fix for this is to specify kSecUseDataProtectionKeychain when reading and deleting.

The trade-off here is that if we kSecUseDataProtectionKeychain on read, we will cause data loss when data is written to a Valet on macOS 10.14 or earlier and the system is subsequently updated to macOS 10.15. Leaving kSecUseDataProtectionKeychain out on read means that we could potentially read in data from a Valet with the same identifier but different accessibility level or access group, since kSecAttrAccessible and kSecAttrAccessGroup only apply when kSecUseDataProtectionKeychain is true.

I've updated this PR to always use kSecUseDataProtectionKeychain, and I've added func migrateObjectsFromPreCatalina() to Valet. I need to add a README blurb on how to use that method still.

Leaving kSecUseDataProtectionKeychain out on read means that we could potentially read in data from a Valet with the same identifier but different accessibility level or access group, since kSecAttrAccessible and kSecAttrAccessGroup only apply when kSecUseDataProtectionKeychain is true.

Upon further investigation, this isn't entirely true. We encode the accessibility in the kSecAttrService, so we can't read data from another Valet with the same identifier but a different accessibility level.

Additionally, since kSecAttrAccessGroup is derived from the identifier, it is impossible to have a Valet with the same identifier but different kSecAttrAccessGroup value.

That said, I still think protecting against a future where Apple enforces the presence of kSecUseDataProtectionKeychain on read or delete.

@NickEntin this PR is now ready for review again.