Epic: `sudo` handling on macOS

This is an extended version of #1127:

We have 3 different levels of users:

1. Regular users without access to sudo (or don’t want to use it)
2. Users with sudo access requiring a password
3. Users with password-less sudo by default

sudo is required for the following operations:

• install vmnet related binaries into /opt/rancher-desktop
• create /etc/sudoers.d/rancher-desktop-lima
• start lima instance using a vmnet instance
• overwrite /var/run/docker.sock
• create symlinks in /usr/local/bin (see #1155)

Right now setting up and using vmnet is not optional, so it is impossible to run Rancher Desktop at all without sudo.

Tasks:

• #1700
• Run in reduced functionality mode when sudo is unavailable
  • #1226
  • #1937
  • #1841
    • #910
• #1225
• Replace use of sudo in code with a setuid helper process
  • This will reduce the frequency of prompts (to once per RD version)
  • For macOS, we may need to see if SMJobBless is a better fit.
  • Ship separate admin-installable package for setuid helper
    • This is to support scenarios where the admin can install things system-wide, but not modify the user configuration.
  • Figure out self-updating of setuid helper
    • Will probably require checking code signing; check if this works with out signing setup
    • Will need to do something for Linux (where there’s no standard code signing beyond the whole package).
• Verify that RD works when installed into $HOME/Applications
• #1128

Related issues:

• #1615
• #1968