openscap-daemon
openscap container image: provide option for user to find out what datastreams and profiles are supported
When scanning for configuration compliance using `atomic scan`, the user has no easy way to find out what datastreams and profiles are supported (bundled inside the openscap container image).
The issue is partially fixed by the added support for the `atomic help` command, which at least prints the version of the bundled scap-security-guide inside the openscap container image (PR https://github.com/OpenSCAP/openscap-daemon/pull/118).
I can think of two solutions for this issue:
- Update the `atomic help` command to print all supported datastreams and profiles.
- Change the default behavior so that a configuration compliance scan without any arguments prints info about the supported XCCDF components and profiles of the selected datastream (as we would have the target image for the scan, `oscapd-evaluate` will select the corresponding datastream file and print the required info). There might be a problem when scanning multiple images/containers at once (using `--images` or `--all`); in this case we would not print info and would rather scan all images with the profile selected by the user.
Maybe `atomic help` could print a table, where rows would be unique profile IDs. Example:
Available profiles and their applicability
==========================================
Profile ID | Fedora | EL7 | EL6 |
===================================
pci-dss | | X | X |
common | X | X | X |
cjis | | X | |
...
...
@jan-cerny I like the idea with the table.
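One way the profile/platform table proposed in this thread could be generated, as an added example that is not part of the issue or of openscap-daemon's code. It assumes the bundled content is XCCDF 1.2 with scap-security-guide's `xccdf_org.ssgproject.content_profile_` ID prefix; the XML below is constructed sample data standing in for the datastream files inside the image, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
# Prefix scap-security-guide puts on XCCDF 1.2 profile IDs (assumed content format).
SSG_PREFIX = "xccdf_org.ssgproject.content_profile_"

def _sample(*profiles):
    """Constructed stand-in for a datastream file: only the Profile elements."""
    body = "".join(f'<Profile id="{SSG_PREFIX}{p}"><title>{p}</title></Profile>' for p in profiles)
    return f'<Benchmark xmlns="{XCCDF_NS}" id="constructed">{body}</Benchmark>'

# Constructed data mirroring the rows of the mock-up table in the thread.
SAMPLE_DATASTREAMS = {
    "Fedora": _sample("common"),
    "EL7": _sample("pci-dss", "common", "cjis"),
    "EL6": _sample("pci-dss", "common"),
}

def profile_ids(datastream_xml):
    """Return the short profile IDs defined anywhere in one datastream."""
    root = ET.fromstring(datastream_xml)
    ids = set()
    for prof in root.iter(f"{{{XCCDF_NS}}}Profile"):
        pid = prof.get("id", "")
        ids.add(pid[len(SSG_PREFIX):] if pid.startswith(SSG_PREFIX) else pid)
    return ids

def applicability(datastreams):
    """Map each unique profile ID to the set of platforms that ship it."""
    table = {}
    for platform, xml_text in datastreams.items():
        for pid in profile_ids(xml_text):
            table.setdefault(pid, set()).add(platform)
    return table

def render(datastreams):
    """Render rows = profile IDs, columns = platforms, X = profile available."""
    platforms = list(datastreams)
    table = applicability(datastreams)
    width = max([len("Profile ID")] + [len(p) for p in table])
    lines = [" | ".join(["Profile ID".ljust(width)] + [p.ljust(6) for p in platforms])]
    for pid in sorted(table):
        cells = [("X" if p in table[pid] else "").ljust(6) for p in platforms]
        lines.append(" | ".join([pid.ljust(width)] + cells))
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(SAMPLE_DATASTREAMS))
```

Because the rows are derived from the content actually shipped in the image, the printed table stays in step with whatever scap-security-guide version is bundled.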