[release/9.0-staging] [Apple] Lock over the same object in SafeDeleteSslContext to serialize access to the buffers

[github-actions]

Backport of #117982 to release/9.0-staging

/cc @kotlarmilos

Customer Impact

• Customer reported
• Found internally

The customer started getting a number of crashes in read/write/close paths #124215. The majority of the crashes occur on iOS, but a very similar issue was also observed on Android. All reported crashes were on .NET 9.0.12 and originate from SSL read/close paths, resulting in application crash.

Regression

• Yes
• No

The issue is not a recent regression in .NET 9, but an existing race condition that has been present for some time.
The fix was implemented in .NET 10 as part of #117982 while addressing related issues (#117045, #117950), and this PR backports that fix to .NET 9 servicing.

Testing

Stress and concurrency testing of SSL read/write/close paths on Apple platforms. Manual attempts of the original crash scenarios on iOS and Android, with no crashes observed after the fix.

Risk

Low

The change is narrowly scoped and mirrors an already-shipped fix in .NET 10. It only introduces a dedicated private lock to ensure consistent sync across all code paths accessing shared SSL buffers.

IMPORTANT: If this backport is for a servicing release, please verify that:

• For .NET 8 and .NET 9: The PR target branch is release/X.0-staging, not release/X.0.
• For .NET 10+: The PR target branch is release/X.0 (no -staging suffix).

Package authoring no longer needed in .NET 9

IMPORTANT: Starting with .NET 9, you no longer need to edit a NuGet package's csproj to enable building and bump the version.
Keep in mind that we still need package authoring in .NET 8 and older versions.

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/ncl, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.