cisagov / ScubaGoggles

SCuBA Secure Configuration Baselines and assessment tool for Google Workspace
https://www.cisa.gov/resources-tools/services/secure-cloud-business-applications-scuba-project
Creative Commons Zero v1.0 Universal

Add support to handle group override policies #190

Closed snarve closed 3 weeks ago

snarve commented 6 months ago

🐛 Summary

User groups can override settings/policies implemented at OU level. Current implementation does not have support to handle this use case and thus some inherited group level policies may report a false positive in the report.

Each baseline policy needs to be updated to handle this use case.

Next steps:

Related issues:

adhilto commented 6 months ago

One final todo item for this:

adhilto commented 6 months ago

Method for implementing this (as used in https://github.com/cisagov/ScubaGoggles/pull/204).

  1. Modify the SettingChangeEvents events rule to also save the group name. NOTE: #204 changes this rule in the utils file. So unless your product has a custom SettingChangeEvents rule (Sites and Common Controls), skip this step.
  2. Modify the FilterEvents function. Split into two functions, FilterEventsOU and FilterEventsGroup which identify setting changes that apply to OUs and groups, respectively. NOTE: #204 changes this rule in the utils file. So unless your product has a custom SettingChangeEvents rule (Sites and Common Controls), skip this step.
  3. For each control that can be set at the group level:
    • Change the NonCompliantOUsX_x rule to use the new FilterEventsOU function
    • Make a copy of the NonCompliantOUsX_x rule. Name it `NonCompliantGroupsX_x`
    • Modify it so that it iterates through utils.GroupsWithEvents instead of OUs
    • Modify it so that it uses the new FilterEventsGroup function
    • Modify the actual value so that it looks like this: {"NonCompliantOUs": NonCompliantOUsX_x, "NonCompliantGroups": NonCompliantGroupsX_x}
    • Modify the report details
    • Modify the status
    • Test and ensure it works as expected
    • Modify existing unit tests so they pass
    • Add new unit tests that check for group changes

The report details should look like this:

    "ReportDetails": concat(" ", [
        utils.ReportDetailsOUs(NonCompliantOUsX_x),
        utils.ReportDetailsGroups(NonCompliantGroupsX_x)
    ]),

Note that the report details will need to be modified again soon for the detailed report epic. If you want to see what the report details would look like with both the group filtering and detailed report enhancements, see GWS.CALENDAR.1.1.

The status should look like this:

    Conditions := {count(NonCompliantOUs2_1) == 0, count(NonCompliantGroups2_1) == 0}
    Status := (false in Conditions) == false
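The procedure in the comment above, modelled in plain Python as an added example (this is not ScubaGoggles' own Rego, and it is not code from the issue thread). It shows the OU/group split of the event filter, the combined `NonCompliantOUs`/`NonCompliantGroups` actual value, the concatenated report details and the `Conditions`-based status, and contrasts them with a scope-blind filter that charges a group-level override to every OU. The event shape, the setting name `ENABLE_EXTERNAL_SHARING`, the sample log, the helper names and the report wording are all assumptions made for illustration, not the project's schema or text.

```python
# Added example (plain Python, not ScubaGoggles' Rego): models the
# FilterEventsOU / FilterEventsGroup split and the combined ActualValue,
# ReportDetails and Status described in the comment. Event fields, setting
# name, helper names and report wording are assumptions for illustration.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class SettingChange:
    """One setting-change event, scoped to either an OU or a group; the other
    field is None. Constructed shape, not the real admin-log schema."""
    timestamp: datetime
    setting: str
    new_value: str
    org_unit: Optional[str] = None
    group: Optional[str] = None


def _ts(day: int) -> datetime:
    return datetime(2024, 1, day, tzinfo=timezone.utc)


SETTING = "ENABLE_EXTERNAL_SHARING"   # hypothetical setting name
COMPLIANT_VALUE = "false"

# Constructed sample log: both OUs end up compliant, then a group overrides
# the same setting to a non-compliant value.
EVENTS = [
    SettingChange(_ts(1), SETTING, "false", org_unit="Top-level OU"),
    SettingChange(_ts(2), SETTING, "true", org_unit="Engineering"),
    SettingChange(_ts(3), SETTING, "false", org_unit="Engineering"),
    SettingChange(_ts(4), SETTING, "true", group="contractors@example.com"),
]


def filter_events_ou(events, setting, org_unit):
    """Changes to `setting` scoped to exactly this OU; group changes excluded."""
    return [e for e in events
            if e.setting == setting and e.group is None and e.org_unit == org_unit]


def filter_events_group(events, setting, group):
    """Changes to `setting` scoped to exactly this group."""
    return [e for e in events if e.setting == setting and e.group == group]


def last_event(events):
    """Most recent change wins; None when the scope has no events at all."""
    return max(events, key=lambda e: e.timestamp, default=None)


def ous_with_events(events):
    return sorted({e.org_unit for e in events if e.org_unit is not None})


def groups_with_events(events):
    return sorted({e.group for e in events if e.group is not None})


def non_compliant_ous(events, setting, compliant_value):
    bad = []
    for ou in ous_with_events(events):
        last = last_event(filter_events_ou(events, setting, ou))
        if last is not None and last.new_value != compliant_value:
            bad.append(ou)
    return bad


def non_compliant_groups(events, setting, compliant_value):
    bad = []
    for group in groups_with_events(events):
        last = last_event(filter_events_group(events, setting, group))
        if last is not None and last.new_value != compliant_value:
            bad.append(group)
    return bad


def naive_non_compliant_ous(events, setting, compliant_value):
    """Scope-blind variant for contrast: takes the latest change to the setting
    whether it targeted an OU or a group, so a group override is charged to
    every OU, a false positive for OUs that are actually compliant."""
    bad = []
    for ou in ous_with_events(events):
        last = last_event([e for e in events if e.setting == setting])
        if last is not None and last.new_value != compliant_value:
            bad.append(ou)
    return bad


def report_details_ous(ous):
    if not ous:
        return "Requirement met in all OUs."
    return "The following OUs are non-compliant: " + ", ".join(ous) + "."


def report_details_groups(groups):
    if not groups:
        return "Requirement met in all groups."
    return "The following groups are non-compliant: " + ", ".join(groups) + "."


def evaluate(events, setting, compliant_value):
    """Mirrors the ActualValue / ReportDetails / Status shape from the comment."""
    nc_ous = non_compliant_ous(events, setting, compliant_value)
    nc_groups = non_compliant_groups(events, setting, compliant_value)
    conditions = {len(nc_ous) == 0, len(nc_groups) == 0}
    return {
        "ActualValue": {"NonCompliantOUs": nc_ous, "NonCompliantGroups": nc_groups},
        "ReportDetails": " ".join([report_details_ous(nc_ous),
                                   report_details_groups(nc_groups)]),
        "Status": False not in conditions,
    }


if __name__ == "__main__":
    print(evaluate(EVENTS, SETTING, COMPLIANT_VALUE))
    print("scope-blind:", naive_non_compliant_ous(EVENTS, SETTING, COMPLIANT_VALUE))
```

With the sample log, the split evaluation reports both OUs compliant and only `contractors@example.com` non-compliant, so the control's status is failed for the right reason; the scope-blind variant flags both OUs instead. Note that a group with no events at all is simply absent from the group list here, matching the "iterate over groups with events" approach in the comment rather than inheriting an OU value.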