policy manager: Hegehog policy subscription and application

[mmguero]

@mmguero cloned issue idaholab/Malcolm#573 on 2024-10-01:

sub-item of this meta-issue: "policy manager" for Malcolm and Hedgehog Linux (idaholab#477)

This issue involves how Hedgehog sensors get the contents of policies stored on a Malcolm server.

As it's the way everything else is done, I'm way more inclined to have sensors "pull" policy updates from their Malcolm server, rather than Malcolm "push" the changes to the sensor. Today, a Malcolm instance doesn't really "know" about its hedgehogs, 99% of the data flow goes from the sensor to the aggregator and not vice-versa.

So ideally the configuration works such that the sensor can talk to its Malcolm's Git repositories (see idaholab#572) and "subscribe" (check out) the branches that you want it to use. Then it would periodically pull changes via Git, and apply the changes when they're observed.

I think also you should be able to subscribe to multiple branches, for example, a "global" branch as well as a "local" branch. These would need to be prioritized and then flattened out (which could be done using rsync or something like that).