Add Support for Setting Policy Rules #69
Open
Description
Feature request - Add support for setting policy rules by creating /etc/fapolicyd/rules.d/ rules files.
I would imagine this could work similarly to how the fedora.linux_system_roles.sudo role works for setting /etc/sudoers.d/ includes.
Currently, if any policies are to be set, dedicated tasks outside of the role are needed, for example:
---
- name: Fapolicyd
  hosts: all
  become: true
  vars:
    fapolicyd_setup_permissive: true
    fapolicyd_setup_integrity: none
    fapolicyd_setup_trust: rpmdb,file
  pre_tasks:
    # Default deny all except whitelisted. DISA STIG RHEL-09-433016
    - name: Ensure deny-all, permit-by-exception policy
      ansible.builtin.copy:
        dest: /etc/fapolicyd/rules.d/99-deny-all.rules
        content: |
          # Ansible managed
          # RHEL-09-433016 - deny-all, permit-by-exception policy
          deny perm=any all : all
        owner: root
        group: root
        mode: '0640'
  roles:
    - fedora.linux_system_roles.fapolicyd
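One way the requested feature could look, written here as an added sketch rather than the role's actual interface: a `fapolicyd_rules` list variable (assumed name) rendered into numbered files under /etc/fapolicyd/rules.d/, with a handler that recompiles and loads the rule set. The handler name and the use of `fagenrules --load` are assumptions; fapolicyd concatenates rules.d files in lexical filename order, so the numeric prefix decides evaluation order and the deny-all file must sort last.

```yaml
---
# Hypothetical playbook showing how a role could manage rules.d files.
# Variable and handler names are assumptions, not the role's own.
- name: Manage fapolicyd policy rules
  hosts: all
  become: true
  vars:
    fapolicyd_rules:
      # Filenames are built as "<name>.rules"; lower prefixes are evaluated first.
      - name: 99-deny-all
        content: |
          # RHEL-09-433016 - deny-all, permit-by-exception policy
          deny perm=any all : all
  tasks:
    - name: Ensure rule files exist with the expected content
      ansible.builtin.copy:
        dest: "/etc/fapolicyd/rules.d/{{ item.name }}.rules"
        content: |
          # Ansible managed
          {{ item.content }}
        owner: root
        group: root
        mode: '0640'
      loop: "{{ fapolicyd_rules }}"
      loop_control:
        label: "{{ item.name }}"
      notify: Reload fapolicyd rules
  handlers:
    # fagenrules merges rules.d into compiled.rules; --load pushes the
    # result into the running daemon without a full restart.
    - name: Reload fapolicyd rules
      ansible.builtin.command: fagenrules --load
      changed_when: true
```

Running `fapolicyd-cli --list` afterwards shows the merged, numbered rule set the daemon is actually enforcing, which is the quickest way to confirm that the deny-all rule landed last.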