[PM-27641] Enable signature validation (#17150)

Enables the currently disabled signature validation. This is a blocker for release.

apps/desktop/desktop_native/bitwarden_chromium_import_helper/src/windows.rs

@@ -38,7 +38,7 @@ mod windows_binary {
                 Pipes::GetNamedPipeServerProcessId,
                 Threading::{
                     OpenProcess, OpenProcessToken, QueryFullProcessImageNameW, PROCESS_NAME_WIN32,
-                    PROCESS_QUERY_INFORMATION, PROCESS_VM_READ,
+                    PROCESS_QUERY_LIMITED_INFORMATION,
                 },
             },
             UI::Shell::IsUserAnAdmin,
@@ -65,7 +65,7 @@ mod windows_binary {
     const LOG_FILENAME: &str = "c:\\path\\to\\log.txt"; // This is an example filename, replace it with you own
 
     // This should be enabled for production
-    const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = false;
+    const ENABLE_SERVER_SIGNATURE_VALIDATION: bool = true;
     const EXPECTED_SERVER_SIGNATURE_SHA256_THUMBPRINT: &str =
         "9f6680c4720dbf66d1cb8ed6e328f58e42523badc60d138c7a04e63af14ea40d";
 
@@ -138,8 +138,7 @@ mod windows_binary {
         dbg_log!("Resolving process executable path for PID {}", pid);
 
         // Open the process handle
-        let hprocess =
-            unsafe { OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid) }?;
+        let hprocess = unsafe { OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid) }?;
         dbg_log!("Opened process handle for PID {}", pid);
 
         // Close when no longer needed
@@ -332,8 +331,7 @@ mod windows_binary {
     }
 
     fn get_process_handle(pid: u32) -> Result<HANDLE> {
-        let hprocess =
-            unsafe { OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid) }?;
+        let hprocess = unsafe { OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid) }?;
         Ok(hprocess)
     }