src: fix FIPS init error handling

[tniessen]

If --enable-fips or --force-fips fails to be applied during ProcessFipsOptions(), the node process might exit with ExitCode::kNoFailure because ERR_GET_REASON(ERR_peek_error()) can return 0 since ncrypto::testFipsEnabled() does not populate the OpenSSL error queue.

This is problematic because an exit code of 0 (i.e., kNoFailure) indicates successful execution of the node command, even though it already failed during initialization. (Error messages also appear to be broken, but fixing that is not as urgent as not pretending that the command succeeded.)

For example, if a user invokes node from within a bash script and NODE_OPTIONS includes --force-fips, the execution of the command will appear to have succeeded even if the actual user script was never executed due to a configuration error.

You can likely test this locally by running

./node --enable-fips ; echo $?

with the current node binary from the main branch if compiled without support for FIPS.

As confirmed by the XXX comment here, which was added three years ago in commit b697160, even if the error queue was populated properly, the OpenSSL reason codes are not really related to the Node.js ExitCode enumeration.

This commit changes the initialization logic to exit with kGenericUserError in this case, since such errors are most likely due to incorrect configuration. It also modifies the existing test case to actually check the exit code of the process, which would have prevented this recent regression.

Considering that the current behavior is incorrect, I'd prefer to merge this as a bugfix rather than a semver-major change.

[nodejs-github-bot]

Review requested:

• @nodejs/startup

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.25%. Comparing base (9eb9c26) to head (04b98a7).
Report is 64 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #58379      +/-   ##
==========================================
+ Coverage   90.23%   90.25%   +0.01%     
==========================================
  Files         633      633              
  Lines      186871   186880       +9     
  Branches    36687    36687              
==========================================
+ Hits       168626   168661      +35     
+ Misses      11046    11025      -21     
+ Partials     7199     7194       -5     

Files with missing lines	Coverage Δ
src/node.cc	73.34% <100.00%> (-0.04%)	⬇️

... and 49 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[tniessen]

Only CI faiure is due to #58353.

[tniessen]

test-blob-slice-with-large-size (#57235) keeps failing, and has failed in 6 of the 8 CI runs on this PR. (The other two CI runs appear to have failed because of other flaky tests.)

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/66991/

[mhdawson]

LGTM

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/67110/