In El Capitan and earlier it's possible to code sign an application using a self-signed identity created with the Certificate Assistant in Keychain Access and the app would reap many benefits of being signed, for example access to keychain items without being prompted. In Sierra this appears to have changed so if a self-signed application creates a new keychain item, then later a modified version of the same application signed with the same identity using the same app identifier is not allowed to read the previously created keychain item without being prompted for access. If instead the same test is carried out using an app signed with an Apple Developer Program dev certificate/identity, no keychain access prompts are shown and the app is recognized and allowed access.
Have looked at TN2206, but haven't found any documentation around this new behavior and whether it's somehow possible to work around using self-signed identities, or if the only way forward in Sierra is to move to Apple dev certs for uninterupted keychain access during development?