Sierra keychain access changed

Prior to Sierra if you wanted to create a keychain and grant 'codesign' access to the p12(s) imported you would do this:

security create-keychain -p test test

security unlock-keychain -p test test

security import identity.p12 -k test -P password -T /usr/bin/codesign

security list-keychains -s test

However with Sierra this will result in a modal dialogue popping for each p12 the first time `codesign` access it, which is really annoying and destroys any automation as used on a build farm for example.

However adding the following line after the `security import` fixes this issue.

security set-key-partition-list -S apple-tool:,apple: -k test test

Does anyone know what this is and why it fixes the problem? I've not found any documentation by Apple (as always) as what, how and why this changed in Sierra.

NOTE: Original answer found here: https://openradar.appspot.com/28524119