Watchmaker

**Summary**:

* Adds doc section on troubleshooting Watchmaker, to include common errors, issues,
and relevant log files
* Updates AWS provider to support EC2 instances configured for only IMDSv2
* ash-linux-formula
- Addresses additional STIG findings for EL7 and EL8
* join-domain-formula
- Resolves issue with collision detection when deploying a new system
with a hostname that already exists in the domain
- Corrects usage of StartTLS when searching for a computer object in the
domain
- Provides several new options for controlling whether TLS is used when
searching for a computer object in the domain, and whether an error will
be treated as fatal or not

**Summary**:

* Updates guidance on Linux STIG findings relating to SELinux context and sudo
privilege escalation
* ash-linux-formula
- Adds additional guidance on pillar content usage
- Adds additional EL7 STIG handlers
- Removes duplicate EL7 STIG handlers for audit rules
* forescout-secure-connector-formula
- Adds state to ensure correct directory ownership
* join-domain-formula
- Updates sssd to support a variety of conf parameters
* scap-formula
- Updates DISA SCAP content

**Summary**:

* Fixes issue with standalone binary on FIPS-enabled EL8 systems, by packaging
libcrypto and libssl libraries in the binary

**Summary**:

* Adds support for salt 3006
* Builds standalone executable using Python 3.10
* Documents additional expected findings for EL8 systems
* Uses Python 3.10 in all documentation references
* Updates default config to use salt 3006.1
* Uses SCC 5.7.1 in default salt content
* ash-linux-formula
- Simplifies logic for managing faillock.conf
* ash-windows-formula
- Updates custom modules for compatibility with Salt 3006 while remaining
backwards compatible with salt 3005 and earlier
* splunkforwarder-formula
- Sets splunk user/group on files and directories, eliminating "Changes"
when re-executing the formula

**Summary**:

* Fixes typo in upload of Windows standalone binary to GitHub Releases
* Documents known/spurious EL8 findings that scanning utilities may flag
erroneously
* Fixes the check that skips reinstalling salt when the correct version is
already installed
* Publishes EL8 scap scans as a release artifact to `watchmaker.cloudarmor.io`,
alongside the standalone binaries
* Updates scap pillar in default salt content to run scans properly on CentOS
Stream and scap version 1.3
* ash-linux-formula
- Fixes oscap remediation on CentOS Stream 8 and Oracle Linux 8
- Addresses numerous additional STIG findings on EL8 systems that were not
addressed with oscap remediation
- Attempts to address EL8 issue with aws-cli, where fapolicyd blocks execution
* forescout-secure-connector-formula
- Establishes symlink so logs are written to `/var/log` partition
* scap-formula
- Updates openscap content to v0.1.67, using scap 1.3 datastreams. This also
addresses issues with expiry on passwordless local users

**Summary**:

* Releases support for EL8 platforms, to include Red Hat 8, CentOS 8 Stream, and
Oracle Linux 8. Future work may also add support for Rocky Linux 8 and Alma
Linux 8
- CAVEAT: With this release, on FIPS-enabled EL8 systems, please use the
[PyPi install or the source install methods](https://watchmaker.cloudarmor.io/en/stable/installation.html).
Currently, the standalone method for EL8 **does not** work when the system
is FIPS-enabled. The problem is not yet entirely understood. Further investigation
is needed before this issue can be resolved
- UPDATE: The issue with FIPS-enabled EL8 and the standalone binary is fixed
in Watchmaker 0.27.3
* Updates salt worker to avoid re-installing salt when `salt-call --version`
matches the `salt_version` in the Watchmaker config
* Updates EL7 findings documentation to line up with latest stig version
* Installs `dnspython` package when using default Watchmaker config, to support
the join-domain `nsupdate` state
* ash-linux-formula
- Adds handlers to address findings in latest stig versions and increase coverage
* mcafee-agent-formula
- Adds a `trellix-agent` salt state to support the new name for the software
* join-domain-formula
- Linux: Adds an `nsupdate` salt state that will register forward and reverse
dns records
- Windows: Updates collision handling and join actions to use the same domain
controller
- Windows: Supports collision handling where an existing computer object
was created by a different service account than is now specified for the
join action
* winrepo: Adds a `trellix-agent` package definition