update macdestroyer to work with high sierra and recovery key

[googlebot]

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

:memo: Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.

---

• If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
• If your company signed a CLA, they designated a Point of Contact who decides which employees are authorized to participate. You may need to contact the Point of Contact for your company and ask to be added to the group of authorized contributors. If you don't know who your Point of Contact is, direct the project maintainer to go/cla#troubleshoot.
• In order to pass this check, please resolve this problem and have the pull request author add another comment and the bot will run again.

[keeleysam]

I signed it!

[googlebot]

CLAs look good, thanks!

[tburgin]

Looks like this will only work for folks using crypt. We will need to find a more general solution for APFS crypto users. fdeadduser does still work when I tested on 10.13, but for HFS only. Make sense, some work will have to be done for APFS.

[russellhancox]

Yeah, I'd like to see a solution that doesn't involve having to have the recovery key on disk but given the prevalence of Crypt in the community I'd be OK with merging if you change the condition on line 65 to also check for the presence of the recovery key file.

If we find a way to fix fdeadduser later we can then revert this or only use it as a backup in case fdeadduser fails.

[keeleysam]

I made a bunch of changes that checks for APFS, SIP, and if the user was actually successfully added. Bash is fun.