Watchmaker

Latest version: v0.28.4


Page 1 of 39

2024.03.07

**Summary**:

* ash-linux-formula
  - (EL8) Populates fapolicyd default rules so the system remains functional after applying new STIG controls
* ash-linux-formula
  - (EL8) Updates systemd boot.mount options for compatibility with UEFI
* scap-formula
  - (Linux) Updates OpenSCAP content to v0.1.71
  - Updates DISA content to latest as of Jan 2024

2024.02.28

**Summary**:

* join-domain-formula
  - (Linux) Adds a `clean` state to simplify removing a system from the domain
* name-computer-formula
  - (Linux) Creates DNS records using nsupdate when `nameserver` and `dns_domain` are provided
* scap-formula
  - (Linux) Updates ComplianceAsCode SCAP content to v0.1.70

2023.10.31

**Summary**:

* Updates Watchmaker default config to use Salt 3006.4
* Documents invalid finding in EL8 for remote access monitoring methods
* ash-linux-formula
  - Addresses several EL8 Cat2 findings from recent SCAP scans
* join-domain-formula
  - (Linux) Adds cron config that refreshes AD computer object attributes

2023.10.05

**Summary**:

* Fixes clobbering of the `computer-name` grain when `computer-name-pattern` is also provided. This prevented the `name-computer-formula` from setting the name specified by the user
* Updates FAQ to include vendor guidance for EL8.8+
* Adds guidance on OpenSSH key signing requirements for EL8
* ash-linux-formula
  - Adds handler to address PAM faillock findings on EL8

2023.09.14

**Summary**:

* Adds Watchmaker config argument `computer_name_pattern`, and exits with an error if the provided `computer_name` does not match. Also writes a grain for use with name-computer-formula
* Updates default Watchmaker config to use Salt 3006.2
* Documents customization options for the Watchmaker Salt content
* Documents workarounds for known "gotchas" when applying EL7 and EL8 STIG controls
* ash-linux-formula
  - Supports customization for mapping users to different SELinux contexts
  - Removes EL7 and EL8 STIG handlers that are now provided by SCAP remediation content
  - Consolidates all separate EL8 PAM handlers to states based on new authselect capabilities
* join-domain-formula
  - Adds support for `tries` option that retries a failed join domain action
  - Integrates with ash-linux PAM handlers to apply STIG controls, if available
* trellix-agent-formula
  - Refactors firewalld states around newer Salt functionality
* name-computer-formula
  - Supports reading pattern from Salt grain

2023.08.07

**Summary**:

* Adds doc section on troubleshooting Watchmaker, to include common errors, issues, and relevant log files
* Updates AWS provider to support EC2 instances configured for only IMDSv2
* ash-linux-formula
  - Addresses additional STIG findings for EL7 and EL8
* join-domain-formula
  - Resolves issue with collision detection when deploying a new system with a hostname that already exists in the domain
  - Corrects usage of StartTLS when searching for a computer object in the domain
  - Provides several new options for controlling whether TLS is used when searching for a computer object in the domain, and whether an error will be treated as fatal or not
