[release/2.1] Suppress the GrayListedLeaf error code on macOS X509Chain

[bartonjs]

This is a port of dotnet/runtime#32895.

Description

Recent change to macOS has caused a new error code to appear during X509Chain building. Since this error code has been identified as not having impact on the .NET X509Chain class, ignore it.

Customer Impact

Without this fix, customers who upgrade their macOS version and build X509Chains against certificates/certificate-authorities which result in the GrayListedLeaf code will get a CryptographicException due to the unmapped error.

Regression?

No, reaction to OS update.

Packaging reviewed?

Required shim library, no packaging impact.

Risk

Low, covered by unit tests (which originally discovered the issue).

[stephentoub]

If memory serves, we've now had several of these servicing needs due to new error codes popping up. Should we revisit the decision to opt-in new codes on demand?

[bartonjs]

Should we revisit the decision to opt-in new codes on demand?

My gut says we have to maintain a defensive posture here. But I opened dotnet/runtime#32941 to track the notion (with a hopeful "maybe there's functionality added to the OS between our old minimum and our new minimum version").