[resign.sh] Add healthkit access entitlement to the blacklist and transfer list

[Travolter]

Checklist

• I've run bundle exec rspec from the root directory to see all new and existing tests pass
• I've followed the fastlane code style and run bundle exec rubocop -a to ensure the code style is valid
• I've read the Contribution Guidelines
• I've updated the documentation if necessary.

Motivation and Context

com.apple.developer.healthkit is an entitlement that should also be taken from the App.
Before resigning:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>application-identifier</key>
        <string>application.identifier.healthkitswift</string>
        <key>aps-environment</key>
        <string>production</string>
        <key>beta-reports-active</key>
        <true/>
        <key>com.apple.developer.healthkit</key>
        <true/>
        <key>com.apple.developer.team-identifier</key>
        <string>TEAMID</string>
        <key>get-task-allow</key>
        <false/>
</dict>
</plist>.  

After running resign.sh HealthKit_sample.ipa XXXXX -p "Healthkitswift_test_distribution.mobileprovision" --use-app-entitlements fastlane_resigned.healthkit.ipa:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>application-identifier</key>
        <string>application.identifier.healthkitswift</string>
        <key>aps-environment</key>
        <string>production</string>
        <key>beta-reports-active</key>
        <true/>
        <key>com.apple.developer.healthkit</key>
        <true/>
        <key>com.apple.developer.healthkit.access</key>
        <array>
                <string>health-records</string>
        </array>
        <key>com.apple.developer.team-identifier</key>
        <string>TEAMID</string>
        <key>get-task-allow</key>
        <false/>
</dict>
</plist>

This is obviously not correct, with this patch it's back to the original entitlements.

Description

Added the "com.apple.developer.healthkit.access" entitlements to the list of entitlements that should not be taken from the provisioning profile but from the app.

[googlebot]

CLAs look good, thanks!

[lyndsey-ferguson]

com.apple.developer.healthkit.access seems to be added by Apple as I saw comments in the Apple Dev forums. Does this code remove this entry if it does not appear in the App, but leaves it in if so. Not familiar with how the blacklist works

[Travolter]

Yes, when you use the --use-app-entitlements flag (idk how this translate to the fastlane sigh command, it's slightly different there, with unerscores I think) then it will trigger this code path.

The blacklist will prevent the script from copying over the entitlement from the provisioning profile Which would by default contain the <string>health-records</string> entry. Because this entry in the provision profile means "This profile can sign entitlements that have this value". And the ENTITLEMENTS_TRANSFER_RULES will then be used to copy over from the app's entitlements instead. If it's not in the original app's entitlements, there is nothing to copy over ofcourse.

[lyndsey-ferguson]

Looks good to me.

[joshdholtz]

This looks good to me! 👍

[fastlane-bot]

Hey @Travolter 👋

Thank you for your contribution to fastlane and congrats on getting this pull request merged 🎉
The code change now lives in the master branch, however it wasn't released to RubyGems yet.
We usually ship about once a week, and your PR will be included in the next one.

Please let us know if this change requires an immediate release by adding a comment here 👍
We'll notify you once we shipped a new release with your changes 🚀

[fastlane-bot]

Congratulations! 🎉 This was released as part of fastlane 2.115.0 🚀