Adds keychain availability checks for all platforms

[Seeker1437]

Introduces isAvailable function to verify keychain accessibility on Linux, macOS, and Windows.

On Linux, checks Secret Service status
On macOS, ensures a default keychain exists
On Windows, always returns true since CredentialManager is always present.

Enhances platform-specific error handling for better diagnostics.

[codecov]

Codecov Report

Attention: Patch coverage is 72.22222% with 25 lines in your changes missing coverage. Please review.

Project coverage is 76.17%. Comparing base (8846e78) to head (134f68c).

Files with missing lines	Patch %	Lines
src/keychain_mac.cpp	61.11%	9 Missing and 5 partials ⚠️
src/keychain_linux.cpp	68.00%	6 Missing and 2 partials ⚠️
test/tests.cpp	89.65%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master      #46      +/-   ##
==========================================
- Coverage   77.60%   76.17%   -1.43%     
==========================================
  Files           4        4              
  Lines         250      340      +90     
  Branches       75      107      +32     
==========================================
+ Hits          194      259      +65     
- Misses         33       50      +17     
- Partials       23       31       +8     

Flag	Coverage Δ
unittests	76.17% <72.22%> (-1.43%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[hrantzsch]

That looks very good and useful, thanks! I'll take a closer look as soon as I can.
Btw, don't worry about codecov being sad, it's not configured well.

[Seeker1437]

Thanks!

Sorry for forgetting to mark the PR as WIP initially

[hrantzsch]

Thanks a lot for this, very polished and thought-out. I did request a few changes. Don't hesitate to disagree though.

[hrantzsch]

I wouldn't consider any runtime failure here as an indicator of the keychain not being available, and I wouldn't shadow the lower-level errors with the Unavailable error type.

Can we use createQuery to make the query as usual, fail with any errors it might produce, and then only look at whether or not SecItemCopyMatching succeeds as an indicator of isAvailable?

I think we can do without the specific test cases for KEYCHAIN_TEST_FAIL_DICT and KEYCHAIN_TEST_FAIL_STRING too.

[Seeker1437]

I agree that runtime errors should not be masked with Unavailable actually. I am not sure what I was thinking there. However, createQuery can block forever if no keychain exists at the time. This is an attempt to detect the potential of this happening beforehand.

I am okay with removing these test hooks

[Seeker1437]

I think I needed to go back and review I do feel like you're right for everything

[Seeker1437]

My only real thing is that the way I did it is more of a proactive probe... it's confirming the keychain is usable and can help indicate if ceateQuery is not safe to use (due to how it may hang).

By breaking it down to the lowest level parts and testing each step in isolation we can help improve the use experience

[hrantzsch]

Looks great now! I think tests are failing because we need #if defined(KEYCHAIN_LINUX) && defined(SIMULATE_FAILURES) rather than #ifdef ... && ....

You can add the new build flag to the two Run cmake steps in .github/workflows/ci.yml.

Although seeing the errors from running without it, do you think it makes sense to run both configurations in the CI? We could add one more target to the matrix. For example

          - {
            image: ubuntu-24.04,
            coverage: no
            simulate-failures: no
          }

(and simulate-failures: yes for all the others)

[Seeker1437]

Sorry for the delay on this, will be getting this squared tomorrow!