puma-dev -install can miss adding CA cert to Keychain

[jeremy]

• If you set up a new laptop with migration assistant and don't bring over your Keychain, you'll end up with a valid cert on disk but no CA cert in Keychain.
• Then puma-dev -install will short-circuit on the CA setup step, assuming the cert has been added (and is trusted) because it was generated previously.
• The result is broken https, yet unclear next steps for troubleshooting.

(Similar scenario for folks who purposefully delete the cert from Keychain then wonder why puma-dev -install doesn't regenerate it.)

Deleting the cert (rm -f ~/Library/Application\ Support/io.puma.dev/*.pem) is a work-around, as is puma-dev -uninstall beforehand.

Ideally, we'd check for the cert in Keychain in addition to the pem on disk and add when missing.

[crt-files]

Here's a way to check for the cert in the Keychain:
/usr/bin/security find-certificate -a -c 'Puma-dev CA' | wc -l | /usr/bin/xargs
0 indicates there is no Puma-dev CA in the keychain.
Greater than 0 indicates there is a certificate.