
Comparing changes

base repository: microsoft/hcsshim
base: 0b8319a
head repository: microsoft/hcsshim
compare: 793fcc5
  • 7 commits
  • 355 files changed
  • 6 contributors

Commits on Dec 28, 2022

  1. Updating dependencies (#1607)

    Combination of dependabot PRs: mostly to deal with running `go tidy` in
    test updating root `go.mod`.
    
    PRs:
    1579
    1580
    1587
    1598
    1602
    
    Signed-off-by: Hamza El-Saawy <[email protected]>
    
    Signed-off-by: Hamza El-Saawy <[email protected]>
    helsaawy authored Dec 28, 2022
    5d23454

Commits on Jan 5, 2023

  1. policy: do not set policy to open door if none is provided (#1572)

    Currently hcsshim is setting an allow all open door policy if
    no security policy has been provided.
    On the host side, the security policy is hashed and used as
    HostData when starting an SNP-uVM. However, guest receives the
    aforementioned "open_door" policy and computes hash over it.
    As a result, this hash doesn't match the LaunchData which is
    returned by the attestation report and rightfully so, GCS
    rejects the security policy.
    
    Fix this by not special handling empty security policy on the
    host side and let the guest decide what to do with it, thus
    ensuring that both host and guest compute the hash over the
    same thing.
    
    Signed-off-by: Maksim An <[email protected]>
    anmaxvl authored Jan 5, 2023
    6547959
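
The mismatch described in commit 6547959, modelled as an added example (not code from hcsshim): the host measures one set of policy bytes and forwards another, so the guest's digest cannot equal the reported value. `hostLaunch`, `guestAccepts` and the `openDoor` text are hypothetical names and constructed values, and SHA-256 is an assumption, since the commit message only says the policy is "hashed".

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// openDoor is a constructed stand-in for the allow-all policy text.
const openDoor = `{"allow_all": true}`

// digest measures policy bytes. SHA-256 is an assumption here.
func digest(policy string) [32]byte { return sha256.Sum256([]byte(policy)) }

// hostLaunch models the host: it measures the policy it was configured with
// (this becomes HostData) and decides which bytes to forward to the guest.
// substitute=true reproduces the pre-fix special case for an empty policy.
func hostLaunch(policy string, substitute bool) (hostData [32]byte, forwarded string) {
	hostData, forwarded = digest(policy), policy
	if substitute && policy == "" {
		forwarded = openDoor // the guest now gets bytes the host never measured
	}
	return hostData, forwarded
}

// guestAccepts models the guest-side check: hash what arrived and compare it
// with the value carried in the attestation report.
func guestAccepts(received string, reported [32]byte) bool {
	got := digest(received)
	return subtle.ConstantTimeCompare(got[:], reported[:]) == 1
}

func main() {
	for _, substitute := range []bool{true, false} {
		hostData, forwarded := hostLaunch("", substitute)
		fmt.Printf("substitute=%v accepted=%v\n", substitute, guestAccepts(forwarded, hostData))
	}
}
```

With the substitution the guest rejects the policy; without it both sides hash the same (empty) input and the digests agree.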

Commits on Jan 9, 2023

  1. wcow: support graceful termination of servercore containers (#1416)

    * This commit includes the changes to enable graceful termination of WCOW containers
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    
    * Added regression tests for nanoserver and servercore base images
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    
    * Worked on Kevin's review comments
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    
    * Fixed lint failures
    
    Fixed lint errors caused by spelling mistakes in hcsdoc_wcow.go and stopcontainer_test.go
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    
    * Addresses Kevin's review comments
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    
    Signed-off-by: Kirtana Ashok <[email protected]>
    Co-authored-by: Kirtana Ashok <[email protected]>
    kiashok and Kirtana Ashok authored Jan 9, 2023
    5cfbc2a

Commits on Jan 10, 2023

  1. Add 20H2 container image to test constants (#1611)

    Add 20H2 container to testing constants for completeness, since mcr has
    corresponding nanoserver and servercore images.
    
    Add test constants with codenames (RS5, 20H1, etc.) and server LTSC
    builds to make selection easier.
    
    Update `"osversion"` constants with 22H2 for Windows 10 & 11.
    
    Add aliases in `"osversion"` for version numbers and LTSC server builds
    to ease confusion between build code names and versions.
    
    Signed-off-by: Hamza El-Saawy <[email protected]>
    
    Signed-off-by: Hamza El-Saawy <[email protected]>
    helsaawy authored Jan 10, 2023
    ec4f896
  2. Remove goversioninfo from tools.go (#1616)

    Go includes dependencies in tools.go as an indirect
    dependency when other packages import hcsshim.
    Remove `github.com/josephspurrier/goversioninfo/cmd/goversioninfo`
    since upstream consumers shouldn't need it.
    
    Signed-off-by: Hamza El-Saawy <[email protected]>
    
    Signed-off-by: Hamza El-Saawy <[email protected]>
    helsaawy authored Jan 10, 2023
    cbdbb48
  3. Adding a simulator + regopolicyinterpreter. (#1558)

    * Adding a simulator + regopolicyinterpreter.
    
    This PR separates all the interaction with Rego into its own extractable package
    called `regopolicyinterpreter`. Instead of calling Rego directly,
    the `securitypolicy` package now uses this package to implement Rego policies.
    Separating out the Rego interpreter behavior in this way allows the same
    code to be used by a new `policyenginesimulator` tool, which provides the
    ability to simulate security policy execution on the command line.
    
    `regopolicyinterpreter` exposes various Rego things like modules and metadata
    in a typed way to make them easier to work with:
        - `RegoPolicyInterpreter` is the main interface
        - `RegoModule` is a standalone Rego module that can be included in the
           policy execution. There are `AddModule` and `RemoveModule` methods for
           modifying the interpreter to include various modules.
        - `RegoQueryResult` wraps the results that come from the Rego policy with
           some useful methods for extracting scalar data types
           (i.e. `bool`/`int`/`float`/`string`)
        - `EnableLogging` provides a way to get multiple levels of policy logging
          for debugging purposes, ranging from `Info`, which will output prints that
          come from the Rego policy itself, to `Metadata`, which will dump the
          entire policy metadata structure to the log with each interaction. This is
          primarily intended for offline use (e.g. by the simulator).
    
    The `policyenginesimulator` tool uses `RegoPolicyInterpreter` to simulate
    policy enforcement. Usage:
    
    ```
      -commands string
            commands JSON
      -data string
            initial data state
      -log string
            log path
      -logLevel string
            None|Info|Results|Metadata (default "Info")
      -policy string
            policy Rego
    ```
    
    The commands JSON allows the user to specify the type and order of the commands
    sent by the host to the guest that will interact with the simulated policy, for
    example:
    
    ``` json
    [
        {
            "name": "load_fragment",
            "input": {
                "issuer": "did:web:contoso.github.io",
                "feed": "contoso.azurecr.io/custom",
                "namespace": "custom",
                "local_path": "custom.rego"
            }
        },
        {
            "name": "mount_device",
            "input": {
                "target": "/mnt/layer0",
                "deviceHash": "16b514057a06ad665f92c02863aca074fd5976c755d26bff16365299169e8415"
            }
        },
        {
            "name": "mount_overlay",
            "input": {
                "target": "/mnt/overlay0",
                "containerID": "container0",
                "layerPaths": [
                    "/mnt/layer0"
                ]
            }
        },
        {
            "name": "create_container",
            "input": {
                "containerID": "container0",
                "argList": [
                    "/pause"
                ],
                "envList": [
                    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                    "TERM=xterm"
                ],
                "mounts": [],
                "workingDir": "/",
                "sandboxDir": "/sandbox",
                "hugePagesDir": "/hugepages"
            }
        }
    ]
    ```
    
    Signed-off-by: Matthew A Johnson <[email protected]>
    matajoh authored Jan 10, 2023
    939de61
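
A pre-flight check for a commands file in the format shown in commit 939de61, as an added example (not part of hcsshim or `policyenginesimulator`). The field names come from the commit message's JSON; `checkOrder` and its ordering rules (an overlay's `layerPaths` need an earlier `mount_device`, a container needs an earlier `mount_overlay`) are assumptions read off the example sequence.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sample is constructed: the commit message's sequence with mount_device left out.
const sample = `[
 {"name":"mount_overlay","input":{"target":"/mnt/overlay0","containerID":"container0","layerPaths":["/mnt/layer0"]}},
 {"name":"create_container","input":{"containerID":"container0","argList":["/pause"]}}
]`

type command struct {
	Name  string `json:"name"`
	Input struct {
		Target      string   `json:"target"`
		ContainerID string   `json:"containerID"`
		LayerPaths  []string `json:"layerPaths"`
	} `json:"input"`
}

// checkOrder reports commands that refer to state no earlier command created.
// The ordering rules are assumptions; other command names pass unchecked.
func checkOrder(raw []byte) (problems []string, err error) {
	var cmds []command
	if err = json.Unmarshal(raw, &cmds); err != nil {
		return nil, fmt.Errorf("commands JSON: %w", err)
	}
	devices, overlays := map[string]bool{}, map[string]bool{}
	for i, c := range cmds {
		switch c.Name {
		case "mount_device":
			devices[c.Input.Target] = true
		case "mount_overlay":
			for _, p := range c.Input.LayerPaths {
				if !devices[p] {
					problems = append(problems, fmt.Sprintf("#%d: layer %s has no earlier mount_device", i, p))
				}
			}
			overlays[c.Input.ContainerID] = true
		case "create_container":
			if !overlays[c.Input.ContainerID] {
				problems = append(problems, fmt.Sprintf("#%d: %s has no earlier mount_overlay", i, c.Input.ContainerID))
			}
		}
	}
	return problems, nil
}

func main() { fmt.Println(checkOrder([]byte(sample))) }
```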

Commits on Jan 11, 2023

  1. adding tarball support for generating root layer hashes (#1600)

    This will be used in a "clean-room" scenario for use in security policy generation. Clean-room in this instance is for generating a security policy on computers without internet access or the docker daemon (or similar) running.
    
    The &tag passed in defaults to "latest" if only the image name is passed in. If the value of the tag is nil, the tarball must only have one image in it. Otherwise, many images can be stored in the tarball and be searched by their image name and tag.
    
    Signed-off-by: Seth Hollandsworth <[email protected]>
    SethHollandsworth authored Jan 11, 2023
    Configuration menu
    Copy the full SHA
    793fcc5 View commit details
    Browse the repository at this point in the history
Loading