On macOS and Windows, the underlying implementations of the OS APIs that
provide access to keys and certificates are not necessarily thread-safe. Before
this patch, essentially all calls into osclientcerts would be synchronously
forwarded to a single background thread. Unfortunately, the cost of dispatching
and waiting for all of these events was non-trivial, particularly when the vast
majority of them should essentially be no-ops (e.g. when NSS is looking for CA
certificates or trust information, etc.). This patch reworks the implementation
to only dispatch operations involving OS APIs to the background thread.
Differential Revision: https://phabricator.services.mozilla.com/D246520
38d8ac7c5a