EdDSA upgrade is here
The DSA algorithm that Sparkle has used so far is considered outdated. We're migrating to newer, more secure EdDSA (ed25519) signatures. We still support DSA signatures for existing applications, but all new apps should use EdDSA from now on.
We now use macOS Keychain to automatically store private EdDSA keys, which is more convenient and more secure.
- Added support for EdDSA (ed25519) signatures (Kornel)
- Both old DSA and new EdDSA are still supported (and old apps can use both), but new applications should use EdDSA only, and we recommend migrating away from DSA signatures.
- generate_keys is now a Swift tool that stores EdDSA private keys in the Keychain
  - Existing apps can continue using their old DSA keys, but we've dropped support for generation of old DSA keys
  - The public EdDSA key is not a file any more. It's a string to copy&paste into Info.plist
- sign_update is now a Swift tool that signs using EdDSA from private keys in the Keychain
  - The old DSA-based signing script has been moved to bin/old_dsa_scripts
  - The old DSA-based signing script has been fixed to work on pre-10.13 systems (Thomas Tempelmann)
- generate_appcast has been updated to support EdDSA signatures
  - It can sign both DSA (if dsa_priv.pem file is specified) and EdDSA from Keychain
  - The tool now uses Caches directory and doesn't generate unnecessary delta files
- Fixed verification of delta updates on filesystems that change permissions of symlinks
- Fixed NSURLSession leak (Michael Ehrmann)
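A migration check for the DSA-to-EdDSA move described above, as an added example that is not part of Sparkle or of these release notes: it reports which appcast enclosures still rely on DSA only. The sparkle:edSignature and sparkle:dsaSignature attribute names and the namespace URI are assumptions not stated on this page, the sample feed is constructed, and the check covers only the shape of each signature, not its cryptographic validity.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Assumption: Sparkle's appcast namespace and signature attribute names.
SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"
ED_ATTR = f"{{{SPARKLE_NS}}}edSignature"
DSA_ATTR = f"{{{SPARKLE_NS}}}dsaSignature"

# Constructed sample feed: URLs and signature values are placeholders.
_SIG = base64.b64encode(bytes(64)).decode()  # all-zero bytes, not a real signature
SAMPLE_APPCAST = f"""<rss version="2.0" xmlns:sparkle="{SPARKLE_NS}"><channel>
<item><enclosure url="https://example.com/App-3.0.zip" sparkle:edSignature="{_SIG}"/></item>
<item><enclosure url="https://example.com/App-2.0.zip" sparkle:edSignature="{_SIG}" sparkle:dsaSignature="MC0CFQ=="/></item>
<item><enclosure url="https://example.com/App-1.0.zip" sparkle:dsaSignature="MC0CFQ=="/></item>
<item><enclosure url="https://example.com/App-0.9.zip" sparkle:edSignature="AAAA"/></item>
</channel></rss>"""


def ed_signature_ok(value):
    """An ed25519 signature is exactly 64 bytes; here it is expected base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 64
    except (binascii.Error, ValueError):
        return False


def audit_appcast(xml_text):
    """Return {enclosure url: status} for every enclosure in the feed."""
    report = {}
    for enc in ET.fromstring(xml_text).iter("enclosure"):
        ed, dsa = enc.get(ED_ATTR), enc.get(DSA_ATTR)
        if ed is not None and not ed_signature_ok(ed):
            status = "malformed-eddsa"  # present, but not 64 bytes of base64
        elif ed and dsa:
            status = "both"             # transitional: old and new clients can verify
        elif ed:
            status = "eddsa"            # target state for new applications
        elif dsa:
            status = "dsa-only"         # still needs an EdDSA signature
        else:
            status = "unsigned"
        report[enc.get("url", "<no url>")] = status
    return report


if __name__ == "__main__":
    for url, status in audit_appcast(SAMPLE_APPCAST).items():
        print(f"{status:16} {url}")
```
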
Known issues
generate_keys, sign_update, and generate_appcast prompt for Keychain access permission every time.