Use a custom PFX/PKCS12 loader/exporter on non-Windows platforms

[bartonjs]

We have a slew of bugs related to inconsistencies between the Windows PFX loader (PFXImportCertStore), the Unix PFX loader (PKCS12_parse), and the macOS PFX loader (SecItemImport), and their paired export functions:

• PlatformNotSupportedException on Unix when exporting multiple private keys in a single PFX #15004
• Not all private keys are available when importing a PFX with multiple private keys on Unix #15005
• CryptographicException on Unix when exporting an empty collection as a PFX #15006
• X509Certificate2/OpenSSL: Unable to open PKCS#12 files with no password and no MAC #18254
• [dev/apple_crypto] Cannot export as PFX when collection (or cert) has no private keys #20448
• X509Certificate2/CommonCrypto: Unable to open PKCS#12 files with no password and valid MAC #23635
• X509Certificate2/CommonCrypto: Exporting a certificate without a private key to a PKCS12 store with a password fails #23636
• macOS cannot create PFX with a mix of HasPrivateKey and !HasPrivateKey certs #24702
• X509Certificate2.Export() in Linux adds a multiple localKeyID bag attribute #26750
• X509Certificate2 fails to import ECDSA private key from Pkcs12 on Linux #27130
• Make SSL handshake failures diagnosable #29518

(And probably others)

Now that we have experience with manually loading PKCS#12/PFX content (the Pkcs12Info class) and writing it (Pkcs12Builder), we should just use a custom loader and unify the experience across the platforms.

[danieljsummers]

I'll second that. Just ran into the same issue with .NET Core 2.2.6; thankfully, it was just the www-data user that was affected. I can run the process as another non-root user, which is a fine workaround.