Updates for Apple Root Program v2.0

[aarongable]

The Apple Root Program is planning on publishing an overhaul of its program requirements. Several of the changes require us to make corresponding changes to our CP/CPS. This bug exists to track those changes.

---

CA Owners MUST incorporate and commit to compliance with the Baseline Requirements applicable to their designated Trust Purpose(s) in their CP/CPS document.

Effective 2027-07-01, all policy documents MUST adhere to the following:

1. Format: Documents MUST be a combined Certificate Policy and Certification Practice Statement (CP/CPS) in MarkDown format with .md file extension. The Markdown file is the authoritative version in CCADB. CA Owners MAY publish additional formats for convenience.
2. Content Integrity: Each CP/CPS document MUST be self-contained with respect to the CA Owner's specific practices and procedures. The CP/CPS MUST describe the CA Owner’s practices for meeting applicable requirements, including any CA‑specific or additional requirements. The CP/CPS MUST NOT rely on incorporation by reference to external operational standards. Even if an operational standard permits incorporation by reference, this policy supersedes that allowance.
3. Trust Purpose Scoping:
   • Each CP/CPS document MUST be scoped to a single Trust Purpose (as defined in Appendix A).
   • The Trust Purpose and required EKU(s) MUST be stated in Section 1.4 of the CP/CPS.
   • A Root CA Certificate hierarchy supporting multiple Trust Purposes MUST provide a distinct CP/CPS document for each Trust Purpose.
   • Multiple Root CA Certificate hierarchies MAY reference the same CP/CPS document if they share the same Trust Purpose.