
Conversation

@weswhet
Collaborator

@weswhet weswhet commented Jan 31, 2025

Apologies for the chonker here. Summary of changes below.

  • Removes old UI components that were used for enabling FileVault pre-APFS.
  • Adds support for storing the recovery key in the keychain versus on disk. It currently has the default value for this functionality as true. In order to move an existing key to the keychain you'll need to generate a new one. There are several configuration options for the keychain, mostly around ACLs for the item and whether or not it will appear in Keychain.app.
  • Adds the ability to use a keychain identity for mTLS escrow. If you set the CommonNameForEscrow it will use the native go http lib with a TLS transport config from the keychain. Otherwise it will continue to use curl.
  • Bumps version to 6.
  • GenerateNewKey can be set with a profile now. It will track the rotation in a separate preference which can be removed to make multiple generations.
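The escrow transport switch described in the third bullet, as an added example that is not part of this PR or of the project's code: a single client constructor that adds the client identity only when CommonNameForEscrow (the setting named above) is set, and otherwise falls back to plain server-authenticated TLS. The function and type names (NewEscrowClient, IdentityLookup, SelfSignedIdentity, StartDemoEscrowServer, RunDemo) are hypothetical; SelfSignedIdentity stands in for the macOS keychain lookup so the code runs on any platform, and the local server is a constructed stand-in for an escrow endpoint that requires mTLS.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// EscrowConfig carries the one setting that switches transports:
// a non-empty CommonNameForEscrow selects a client identity for mTLS.
type EscrowConfig struct {
	CommonNameForEscrow string
}

// IdentityLookup resolves a common name to a client identity. In the real
// client this would be a keychain query; here it is a hypothetical hook.
type IdentityLookup func(commonName string) (tls.Certificate, error)

// NewEscrowClient builds one http.Client for both paths, attaching a client
// certificate only when configured. rootPool nil means system roots.
func NewEscrowClient(cfg EscrowConfig, lookup IdentityLookup, rootPool *x509.CertPool) (*http.Client, error) {
	tlsCfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: rootPool}
	if cfg.CommonNameForEscrow != "" {
		if lookup == nil {
			return nil, errors.New("CommonNameForEscrow is set but no identity source is available")
		}
		id, err := lookup(cfg.CommonNameForEscrow)
		if err != nil {
			return nil, fmt.Errorf("loading escrow identity %q: %w", cfg.CommonNameForEscrow, err)
		}
		tlsCfg.Certificates = []tls.Certificate{id}
	}
	return &http.Client{Timeout: 30 * time.Second, Transport: &http.Transport{TLSClientConfig: tlsCfg}}, nil
}

// SelfSignedIdentity stands in for the keychain: it mints a throwaway P-256
// client certificate for the given common name (constructed test data).
func SelfSignedIdentity(cn string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// StartDemoEscrowServer runs a local TLS server that requires a client
// certificate trusted via trustedClient, as an mTLS escrow endpoint would.
func StartDemoEscrowServer(trustedClient *x509.Certificate) *httptest.Server {
	pool := x509.NewCertPool()
	pool.AddCert(trustedClient)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	srv.StartTLS()
	return srv
}

// Escrow performs the request and returns the HTTP status; an error means the
// TLS handshake or the request itself failed.
func Escrow(c *http.Client, url string) (int, error) {
	resp, err := c.Get(url)
	if err != nil {
		return 0, err
	}
	resp.Body.Close()
	return resp.StatusCode, nil
}

// RunDemo exercises both paths against the demo server and returns the mTLS
// client's status and error plus the error the plain client receives.
func RunDemo() (mtlsStatus int, mtlsErr, plainErr error) {
	id, err := SelfSignedIdentity("escrow-client")
	if err != nil {
		return 0, err, err
	}
	srv := StartDemoEscrowServer(id.Leaf)
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only the demo server's certificate
	lookup := func(string) (tls.Certificate, error) { return id, nil }
	mtls, err := NewEscrowClient(EscrowConfig{CommonNameForEscrow: "escrow-client"}, lookup, roots)
	if err != nil {
		return 0, err, nil
	}
	plain, _ := NewEscrowClient(EscrowConfig{}, nil, roots)
	mtlsStatus, mtlsErr = Escrow(mtls, srv.URL)
	_, plainErr = Escrow(plain, srv.URL)
	return mtlsStatus, mtlsErr, plainErr
}

func main() {
	status, mtlsErr, plainErr := RunDemo()
	fmt.Println("mTLS escrow status:", status, mtlsErr)
	fmt.Println("plain client rejected:", plainErr != nil)
}
```

The point the single constructor makes is that the mTLS and non-mTLS paths differ only in the Certificates field of the TLS config, so a missing identity fails loudly at construction time instead of silently escrowing without client authentication.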

@grahamgilbert
Owner

grahamgilbert commented Feb 1, 2025

A few points:

  • I wonder if the MTLS and non-MTLS functions could be merged - it doesn't seem a huge leap to add the MTLS parts conditionally.
  • Please write tests for all the Go you've added.

@weswhet
Collaborator Author

weswhet commented Sep 22, 2025

@grahamgilbert, I merged together the escrow functionality, and updated the tests. Let me know if there is anything else.

@grahamgilbert grahamgilbert merged commit f9a1e6d into master Sep 22, 2025
4 checks passed
@grahamgilbert grahamgilbert deleted the weswhet/keychainV6 branch September 22, 2025 21:01

3 participants