[SM-1434] - Dynamically-linked bitwarden-c not working for older supported OS versions

[tangowithfoxtrot]

📔 Objective

The bitwarden-c lib is dynamically-linked with the version of GCC/Clang that is installed on the GitHub runner. Using newer runners will result in errors like this, for those that are running older, but still-supported versions of macOS:

object file (/Users/user/go/pkg/mod/github.com/bitwarden/sdk-go@v1.0.0/internal/cinterface/lib/darwin-x64/libbitwarden_c.a[216](8912af01511d326c-sha256-x86_64-macosx.o)) was built for newer 'macOS' version (14.2) than being linked (14.0)

This PR uses MACOSX_DEPLOYMENT_TARGET to support older versions of macOS.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions[bot]]

Checkmarx One – Scan Summary & Details – 6eedc32f-9c78-46a5-a277-00c3a6978195

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Apt Get Install Pin Version Not Defined	/Dockerfile: 9	When installing a package, its pin version should be defined
	Unpinned Actions Full Length Commit SHA	/build-swift.yml: 84	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Using Platform Flag with FROM Command	/Dockerfile: 4	'FROM' instruction should not use the flag '--platform'

Fixed Issues

Severity	Issue	Source File / Package
	Apt Get Install Pin Version Not Defined	/Dockerfile: 9
	Unpinned Actions Full Length Commit SHA	/build-swift.yml: 91

[tangowithfoxtrot]

Is using MUSL on non-Linux an option? I don't think we can.

We tried statically-linking with Clang on macOS, but these libs don't seem to cooperate. As far as I know, we have to dynamically-link them.

[Hinton]

Yea that's not going to work. You can't statically link security-framework. Did you try setting minimum macosx-version per https://stackoverflow.com/a/63397340?

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 58.18%. Comparing base (05b2620) to head (d6ce1cf). Report is 6 commits behind head on main.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #1034 +/- ## ======================================= Coverage 58.18% 58.18% ======================================= Files 197 197 Lines 13487 13487 ======================================= Hits 7847 7847 Misses 5640 5640 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[tangowithfoxtrot]

Thanks, @Hinton. Using MACOSX_DEPLOYMENT_TARGET allows us to run on older macOS versions and lets us keep the macOS on macos-13.