Switch to evaluating the live `SecCodeRef` when authorizing new execs
The SNTPolicyProcessor via MOLCodesignChecker currently evaluates the SecStaticCodeRef of a file path when a new exec is authorized. This is a legacy limitation from when Santa deployed its own kext and used the available Kauth hook, since the new process wasn't completely set up yet.
Now that Santa is using the EndpointSecurity framework, the ES exec hook should not have this same limitation and we can move to using the SecCodeRef.
What's involved in changing this over? Is it as simple as changing the type or is there more to rewrite?
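To make the difference concrete, here is an added illustration written for this page; it is not code from Santa's SNTPolicyProcessor or MOLCodesignChecker. It places the legacy path-based `SecStaticCodeRef` check beside a live `SecCodeRef` check keyed by pid, using the macOS Security framework's Code Signing Services. The function names, the command-line usage and the default requirement string `anchor apple` are assumptions made for the example.

```objective-c
// Added example (not Santa's code): static-on-disk vs. live-process signature checks.
// Build on macOS: clang -fobjc-arc -framework Foundation -framework Security -o cscheck cscheck.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Legacy approach: evaluate the file at `path` as it sits on disk. This proves
// the bytes on disk satisfy the requirement, but says nothing about the image
// the kernel actually mapped into the new process.
static BOOL StaticCodeSatisfiesRequirement(NSString *path, NSString *requirementText,
                                           OSStatus *outStatus) {
  SecStaticCodeRef staticCode = NULL;
  SecRequirementRef requirement = NULL;
  NSURL *url = [NSURL fileURLWithPath:path];
  OSStatus status = SecStaticCodeCreateWithPath((__bridge CFURLRef)url, kSecCSDefaultFlags,
                                                &staticCode);
  if (status == errSecSuccess) {
    status = SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                            kSecCSDefaultFlags, &requirement);
  }
  if (status == errSecSuccess) {
    status = SecStaticCodeCheckValidity(staticCode, kSecCSDefaultFlags, requirement);
  }
  if (staticCode) CFRelease(staticCode);
  if (requirement) CFRelease(requirement);
  if (outStatus) *outStatus = status;
  return status == errSecSuccess;
}

// Live approach: ask the system host (NULL) for the SecCodeRef of the running
// process identified by pid, then validate that object. The dynamic check covers
// the image actually loaded and the process's current validity state. If the
// process has already exited, SecCodeCopyGuestWithAttributes fails with
// errSecCSNoSuchCode; inside an ES auth exec handler the process exists, which
// is why the live check becomes possible there.
static BOOL LiveCodeSatisfiesRequirement(pid_t pid, NSString *requirementText,
                                         NSString **outTeamID, OSStatus *outStatus) {
  SecCodeRef code = NULL;
  SecStaticCodeRef staticCode = NULL;
  SecRequirementRef requirement = NULL;
  CFDictionaryRef signingInfo = NULL;
  NSDictionary *attrs = @{ (__bridge NSString *)kSecGuestAttributePid : @(pid) };
  OSStatus status = SecCodeCopyGuestWithAttributes(NULL, (__bridge CFDictionaryRef)attrs,
                                                   kSecCSDefaultFlags, &code);
  if (status == errSecSuccess) {
    status = SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                            kSecCSDefaultFlags, &requirement);
  }
  if (status == errSecSuccess) {
    status = SecCodeCheckValidity(code, kSecCSDefaultFlags, requirement);
  }
  // Signing metadata (team ID etc.) is read through the static code object
  // that backs the live one, so the data describes the image that is running.
  if (status == errSecSuccess && outTeamID) {
    if (SecCodeCopyStaticCode(code, kSecCSDefaultFlags, &staticCode) == errSecSuccess &&
        SecCodeCopySigningInformation(staticCode, kSecCSSigningInformation, &signingInfo) ==
            errSecSuccess) {
      NSDictionary *info = (__bridge NSDictionary *)signingInfo;
      *outTeamID = info[(__bridge NSString *)kSecCodeInfoTeamIdentifier];
    }
  }
  if (signingInfo) CFRelease(signingInfo);
  if (staticCode) CFRelease(staticCode);
  if (code) CFRelease(code);
  if (requirement) CFRelease(requirement);
  if (outStatus) *outStatus = status;
  return status == errSecSuccess;
}

int main(int argc, char *argv[]) {
  @autoreleasepool {
    if (argc < 3) {
      fprintf(stderr, "usage: %s <pid> <path> [requirement]\n", argv[0]);
      return 2;
    }
    pid_t pid = (pid_t)atoi(argv[1]);
    NSString *path = @(argv[2]);
    // Assumed default requirement for the demo; a real policy would carry its own.
    NSString *req = argc > 3 ? @(argv[3]) : @"anchor apple";
    OSStatus st;
    BOOL staticOK = StaticCodeSatisfiesRequirement(path, req, &st);
    printf("static  (%s): %s (status %d)\n", argv[2], staticOK ? "ok" : "FAIL", (int)st);
    NSString *teamID = nil;
    BOOL liveOK = LiveCodeSatisfiesRequirement(pid, req, &teamID, &st);
    printf("live    (pid %d): %s (status %d) team=%s\n", pid, liveOK ? "ok" : "FAIL", (int)st,
           teamID ? teamID.UTF8String : "-");
    return (staticOK && liveOK) ? 0 : 1;
  }
}
```

Run it against a running process and the path of its executable to see the two evaluations side by side. The two results can differ, which is the point of the issue: the static check answers "does this file on disk satisfy the requirement?", while the live check answers "does the code running in this process satisfy it?". Swapping the type in a checker is the easy part; the call sites also change from a path to a process identity (pid here, or the audit token an ES message carries), and the evaluation must happen while the process still exists.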