Watchmaker

Latest version: v0.29.2

Page 2 of 40

2023.09.14

**Summary**:

* Adds watchmaker config argument `computer_name_pattern`, and exits with error
  if provided `computer_name` does not match. Also writes grain for use with
  name-computer-formula
* Updates default watchmaker config to use salt 3006.2
* Documents customization options for the watchmaker salt content
* Documents workarounds for known "gotchas" when applying EL7 and EL8 STIG controls
* ash-linux-formula
    - Supports customization for mapping users to different SELinux contexts
    - Removes EL7 and EL8 STIG handlers that are now provided by SCAP remediation
      content
    - Consolidates all separate EL8 PAM handlers to states based on new authselect
      capabilities
* join-domain-formula
    - Adds support for `tries` option that retries a failed join domain action
    - Integrates with ash-linux PAM handlers to apply STIG controls, if available
* trellix-agent-formula
    - Refactors firewalld states around newer salt functionality
* name-computer-formula
    - Supports reading pattern from salt grain

2023.08.07

**Summary**:

* Adds doc section on troubleshooting Watchmaker, to include common errors, issues,
  and relevant log files
* Updates AWS provider to support EC2 instances configured for only IMDSv2
* ash-linux-formula
    - Addresses additional STIG findings for EL7 and EL8
* join-domain-formula
    - Resolves issue with collision detection when deploying a new system
      with a hostname that already exists in the domain
    - Corrects usage of StartTLS when searching for a computer object in the
      domain
    - Provides several new options for controlling whether TLS is used when
      searching for a computer object in the domain, and whether an error will
      be treated as fatal or not

2023.06.28

**Summary**:

* Updates guidance on Linux STIG findings relating to SELinux context and sudo
  privilege escalation
* ash-linux-formula
    - Adds additional guidance on pillar content usage
    - Adds additional EL7 STIG handlers
    - Removes duplicate EL7 STIG handlers for audit rules
* forescout-secure-connector-formula
    - Adds state to ensure correct directory ownership
* join-domain-formula
    - Updates sssd to support a variety of conf parameters
* scap-formula
    - Updates DISA SCAP content

2023.05.25

**Summary**:

* Fixes issue with standalone binary on FIPS-enabled EL8 systems, by packaging
  libcrypto and libssl libraries in the binary

2023.05.18

**Summary**:

* Adds support for salt 3006
* Builds standalone executable using Python 3.10
* Documents additional expected findings for EL8 systems
* Uses Python 3.10 in all documentation references
* Updates default config to use salt 3006.1
* Uses SCC 5.7.1 in default salt content
* ash-linux-formula
    - Simplifies logic for managing faillock.conf
* ash-windows-formula
    - Updates custom modules for compatibility with Salt 3006 while remaining
      backwards compatible with salt 3005 and earlier
* splunkforwarder-formula
    - Sets splunk user/group on files and directories, eliminating "Changes"
      when re-executing the formula

2023.05.08

**Summary**:

* Fixes typo in upload of Windows standalone binary to GitHub Releases
* Documents known/spurious EL8 findings that scanning utilities may flag
  erroneously
* Fixes the check that skips reinstalling salt when the correct version is
  already installed
* Publishes EL8 scap scans as a release artifact to `watchmaker.cloudarmor.io`,
  alongside the standalone binaries
* Updates scap pillar in default salt content to run scans properly on CentOS
  Stream and scap version 1.3
* ash-linux-formula
    - Fixes oscap remediation on CentOS Stream 8 and Oracle Linux 8
    - Addresses numerous additional STIG findings on EL8 systems that were not
      addressed with oscap remediation
    - Attempts to address EL8 issue with aws-cli, where fapolicyd blocks execution
* forescout-secure-connector-formula
    - Establishes symlink so logs are written to `/var/log` partition
* scap-formula
    - Updates openscap content to v0.1.67, using scap 1.3 datastreams. This also
      addresses issues with expiry on passwordless local users
