In older versions of iOS, it's not possible to call `NETunnelProviderManager.loadAllFromPreferences()` from inside the network extension process. We were seeing `NETunnelProviderManager objects cannot be instantiated from NEProvider processes` errors in iOS 16. It's unclear exactly when the change happened to allow it, but as far as we can tell it was in iOS 17.
To Test:
1. On a real device running iOS 16, ensure that enrolling as a Managed Nebula host works correctly.
2. Start the site.
3. Update the host in the admin panel and wait at least 15 minutes for a `checkForUpdate` from the mobile client. You should get a `Host renewed` audit log for the host.
4. Verify that there's a log for "Reloading Nebula" in the mobile host, and that it has an up-to-date config.
This performs the recommended setting updates from xcode, though I needed to turn off `ENABLE_USER_SCRIPT_SANDBOXING` as it does not seem to be fully compatible with flutter.
I also dealt with a warning of: "Extension declares a conformance of imported type 'String' to imported protocol 'Error'; this will not behave correctly if the owners of 'Swift' introduce this conformance in the future", by creating and using some custom error types.
Lastly, I fixed our podfile to ensure that the `IPHONEOS_DEPLOYMENT_TARGET` is at least 12, which is our project setting.
This fixes a few issues:
1) When updates are made, we will no longer create duplicate VPN profiles, rather we will update existing ones.
2) We will correctly update an existing profile when the site is running and an update is received, rather than attempting to create a new profile, which failed due to permissions errors.
3) We will always reload nebula, even if we can't successfully save the VPN profile.
4) The default polling interval of 15 minutes is restored (previously set to 30 seconds during testing).
So far in manual testing I've confirmed that I do not lose the tunnel to my lighthouse even after the original 30 minute expiration of a certificate. This confirms that reloads are occurring correctly. Additionally, duplicate sites are not created when updates occur while the site is disconnected.
