
Validating the Receipt: What do we choose under Export Compliance when Submitting?


If I perform a receipt validation in my code (and include the Security framework) following Apple's Documentation, am I required to select YES when asked "Have you added or made changes to encryption features since you last uploaded a binary for this product" during the Export Compliance?

And if so, how do I respond to "Is your product designed to use cryptography or does it contain or incorporate cryptography?"

And finally... if the answer is YES to both those questions, how do I answer, "Does your product qualify for any of the exemptions provided in Category 5 part 2?"


Solution

  • Read this. The iOS SDK and Mac OS SDK both have export compliance already, CCATS and all. Please also follow the links on the Export Compliance questionnaire; they provide them so you can look at the exemptions yourself and figure out if it is compliant. If all you're using is Apple's frameworks (no custom encryption), though, the only way you could not be exempted is if any of those clauses at the bottom of the page I linked to applies to you, i.e.:

    • You want to sell the software in Cuba, Iran, North Korea, Sudan, or Syria
    • You intend the product to be used in the design, development, production or use of nuclear, missiles, or chemical and biological weapons and technology and you don't have explicit authorization from the U.S. Government to do this
    • You intend to sell to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List

    EDIT: To summarise (including my comment), you should answer YES and YES, then check the exemptions. As far as I can tell, you should meet one of the exemptions if you aren't using any sort of custom encryption, so you should be able to answer YES to the final question. The items in the list above are clauses that would prevent an application using Apple frameworks from being export compliant.

    There's also some good info provided in this answer, covering SNAP-R procedures.