Add macOS support #6

Merged
merged 8 commits into from Aug 23, 2021

Conversation

cormacrelf
Contributor

Fixes #5

As noted there, there is a bug where you can get a SIGSEGV when using this with sudo and hitting Ctrl-C. I don't know if this is macOS specific.

Needs documentation but basically add this to some /etc/pam.d file.

# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
# add this line here
auth       optional       pam_duress.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

The installer will copy the PAM module to /usr/local/lib/pam because /usr/lib/pam is not writable even with sudo with SIP enabled. I think that's what's happening anyway.

Includes a couple of incidental changes which I think are appropriate anyway:

  • Changes the binary installation path to /usr/local/bin
  • Various makefile improvements
  • Renames pam_duress.o to pam_duress.so
  • A format warning zapped

Owner

@nuvious nuvious left a comment

Thanks again for your contribution! Updated the change log with an attribution statement and version file accordingly. Please double check the OSX compatibility from the latest main v1.1.1 to ensure the privilege escalation vulnerability (Issue 1) is resolved on OSX and/or the fix for it didn't break the OSX compatibility. If either is the case feel free to open up a new issue.

@nuvious nuvious merged commit 22c95c4 into nuvious:main Aug 23, 2021
@cormacrelf
Contributor Author

It does fix it, yes.

pam-duress on  main took 1m2s ❯ sudo pam_test cormac
Password:
hello from duress, who am i? cormac

I will PR a make install fix for what happens when you overwrite the pam module without deleting it first. (Apple considers the binary has been modified and it fails code signature validation. This is a bit dumb but yeah. Classic problem and can really get in the way if it blocks you from using sudo! If anybody messes this up, reboot in single user mode and remove any offending lines from the pam.d files. If you can fix it without doing that, the permissions on the .so are not constrained enough.)

@cormacrelf cormacrelf mentioned this pull request Aug 24, 2021
@cormacrelf cormacrelf deleted the macos branch August 12, 2023 12:15
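
The last comment above notes that if a broken module can be repaired without single user mode, the permissions on the .so are not constrained enough. One way to check that, as an added example that is not part of this PR or of pam-duress: the function name `audit_pam_module` is hypothetical, and the full module path is assumed from the install directory and file name given in the PR description. It goes beyond the comment by also checking each parent directory, since a writable directory lets the file be replaced.

```shell
#!/bin/sh
# Added example (not pam-duress code): audit who can modify a PAM module.
# audit_pam_module MODULE [OWNER] [STOP_DIR]
#   MODULE    absolute path to the installed module
#   OWNER     expected owner, name or numeric uid (default: root)
#   STOP_DIR  ancestor at which to stop walking up (default: /)
# Prints one line per finding; returns 0 if clean, 1 if weak, 2 on bad input.
audit_pam_module() {
    target=$1
    owner=${2:-root}
    stop=${3:-/}
    case $target in
        /*) ;;
        *) echo "error: need an absolute path: $target" >&2; return 2 ;;
    esac
    [ -e "$target" ] || { echo "error: not found: $target" >&2; return 2; }

    weak=0
    p=$target
    while :; do
        # -prune keeps find on this one entry (-H resolves it if it is a
        # symlink); it is printed only when it has the wrong owner or is
        # group- or world-writable.
        hit=$(find -H "$p" -prune \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            echo "weak: $p (owner is not $owner, or group/world-writable)"
            weak=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return "$weak"
}

# Assumed path (install dir + file name from the PR description);
# the audit only runs if the module is actually installed there.
MODULE=/usr/local/lib/pam/pam_duress.so
if [ -e "$MODULE" ]; then
    audit_pam_module "$MODULE" root / || echo "tighten the paths listed above"
fi
```

A clean result means only the expected owner can alter or replace the module along that path; it says nothing about whether the file still passes code signature validation.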