Fix bootstrap token check and secure token status guard logic

- Fix bootstrap token escrow check to actually execute the command instead of echoing a literal string
- Populate SECURE_TOKEN_STATUS variable so disabled/unknown user guards work correctly

Author: theneiljohnson

macOS/Config/Bootstrap Token/fixBootstrapToken.sh

@@ -41,7 +41,7 @@ function print_status {
 }
 
 # Check if the boostrap token was ever escrowed. If not, stop early as success.
-if echo "profiles status -type bootstraptoken" | grep -q "Bootstrap Token escrowed to server: NO"; then
+if profiles status -type bootstraptoken 2>&1 | grep -q "Bootstrap Token escrowed to server: NO"; then
     exit 0
 fi
 
@@ -50,6 +50,9 @@ if cat "$logdir/checkBootstrapEscrow.log" | grep -q "Bootstrap Token validated."
     exit 0
 fi
 
+# Check secure token status for the admin account
+SECURE_TOKEN_STATUS=$(sysadminctl -secureTokenStatus "$ADMIN_USERNAME" 2>&1)
+
 # Fail early if the account provided does not have secure token enabled
 if echo "$SECURE_TOKEN_STATUS" | grep -q "Secure token is DISABLED"; then
     echo "$(date) | Secure token is disabled for $ADMIN_USERNAME. Not proceeding."