feat: Unify secure storage backend across platforms

[arjankowski]

This PR updates how the CLI reads and writes secure data so we can avoid repeated macOS Keychain prompts after upgrades.

The key issue is that on macOS, Keychain access control is tied to application identity and signature. When access goes through keytar, it is associated with the current node/box executable identity, and after signed build changes between versions macOS can treat that as a different app and ask for permission again. To make this stable, we now use the keychain library on macOS, which calls the system /usr/bin/security binary, so Keychain access is performed through a consistent process identity.

This change is mainly needed to prevent those upgrade-time prompts and make access to existing environments and tokens reliable.

[coveralls]

Pull Request Test Coverage Report for Build 23089457267

Details

• 108 of 119 (90.76%) changed or added relevant lines in 15 files are covered.
• 3 unchanged lines in 1 file lost coverage.
• Overall coverage decreased (-0.02%) to 84.04%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
src/commands/ai/ask.js	0	1	0.0%
src/commands/ai/extract-structured.js	0	1	0.0%
src/commands/ai/extract.js	0	1	0.0%
src/commands/files/upload.js	5	6	83.33%
src/box-command.js	16	19	84.21%
src/secure-storage.js	57	61	93.44%

Files with Coverage Reduction	New Missed Lines	%
src/box-command.js	3	74.98%

Totals
Change from base Build 23046684263:	-0.02%
Covered Lines:	4979
Relevant Lines:	5666

---

💛 - Coveralls