Description
It seems we regressed some of the work we did for .NET 7 around improving the developer experience on macOS, specifically the change to have Kestrel load the developer HTTPS cert (i.e. the one created by dotnet dev-certs https) from a .pfx file on disk rather than from the macOS Keychain in order to avoid Keychain Access prompts for every new ASP.NET Core app created that's run with the https launch profile.
The regression was made in PR #43358 with the code change meaning that the matching dev cert from the Keychain is always preferred over the dev cert loaded from the .pfx file.
We'll need to ensure that, when the dev cert is being loaded for the purpose of a Kestrel HTTPS endpoint, the file on disk is preferred. Other scenarios (e.g. operations performed by dotnet dev-certs https) will likely require the cert to be loaded from the Keychain (at least the scenario that involves exporting it from the Keychain to a .pfx file on disk will 😄), but the details of that will need to be determined and confirmed.