This PR closes #2964

Description

Ports MASTG-TEST-0072 "Testing App Extensions" from v1 (MSTG-PLATFORM-4) to v2 (MASVS-PLATFORM-1), focusing on App Groups data sharing between iOS app extensions and their containing apps.

Changes

• MASTG-TEST-0291 (static/manual): Verifies app extensions presence, inspects Info.plist for extension types and supported data types, checks App Groups entitlements, and reviews code for shared storage API usage
• MASTG-TEST-0292 (dynamic): Runtime monitoring of shared data access via Frida hooks on UserDefaults, FileManager, and NSPersistentContainer APIs
• MASTG-BEST-0025: Best practices for securing App Groups data (encryption, minimizing sharing, Keychain usage, file protection, integrity validation)
• MASTG-DEMO-0068: Comprehensive demonstration showing App Groups data sharing detection with Swift code samples, configuration files (Info.plist, entitlements), static analysis script, and evaluation of sensitive data in shared storage
• Deprecated v1 test with proper metadata pointing to new tests

Test Structure

Both tests map to MASWE-0053 (IPC/data sharing) with L1/L2 profiles, reference existing techniques (MASTG-TECH-0058, MASTG-TECH-0076, MASTG-TECH-0086), and include prerequisite for identifying sensitive data.

Demo Structure

MASTG-DEMO-0068 provides a working example demonstrating:

• Swift code using UserDefaults(suiteName:) and FileManager.containerURL(forSecurityApplicationGroupIdentifier:) to share data
• Share Extension configuration showing NSExtensionPointIdentifier and NSExtensionActivationRule
• App Groups entitlement configuration
• Automated static analysis detecting sensitive data (emails, tokens, API keys) in shared storage
• Complete evaluation explaining the security implications

[x] I have read the contributing guidelines.

• Fixes MASTG v1->v2 MASTG-TEST-0072: Testing App Extensions (ios) #2964

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.