Keychain: make verification errors only happen when we're sure it's due to not found

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

WireGuard/Shared/Keychain.swift

@@ -112,6 +112,6 @@ class Keychain {
     static func verifyReference(called ref: Data) -> Bool {
         return SecItemCopyMatching([kSecClass as String: kSecClassGenericPassword,
                                     kSecValuePersistentRef as String: ref] as CFDictionary,
-                                   nil) == errSecSuccess
+                                   nil) != errSecItemNotFound
     }
 }

WireGuard/WireGuard/Tunnel/TunnelsManager.swift

@@ -70,6 +70,7 @@ class TunnelsManager {
                 if let ref = passwordRef {
                     refs.insert(ref)
                 } else {
+                    wg_log(.info, message: "Removing orphaned tunnel with non-verifying keychain entry: \(tunnelManager.localizedDescription ?? "<unknown>")")
                     tunnelManager.removeFromPreferences { _ in }
                     tunnelManagers.remove(at: index)
                 }