Best practice script to package Tenable agents into one .pkg

Goal

User story
As an IT admin,
I want to run a script on my macOS workstation that packages the Tenable agent into one .pkg
so that I can upload this .pkg to Fleet and deploy it on my macOS hosts.

Context

Requestor(s): @noahtalerman

As part of the "Deploy security agents" (#14921) story, Fleet supports uploading one package.

In the Tenable docs, they say...

Extract Install Nessus Agent.pkg and .NessusAgent.pkg from NessusAgent-<version number>.dmg.

Note that these are two pakcages, the Install Nessus Agent.pkg needs the .NessusAgent.pkg in the same directory, otherwise the install fails:

$ sudo installer -allowUntrusted -pkg ~/Downloads/Install\ Nessus\ Agent.pkg -target /
installer: Package name is Tenable Nessus Agent
installer: Installing at base path /
installer: The install failed. (The Installer can't locate the data it needs to install the software. Check your install media or Internet connection and try again, or contact the software manufacturer for assistance. )

Changes

Product

[ ] Write the script that combines the two Tenable packages into one .pkg. In this iteration, we'll supporting running this script on a macOS workstations. Windows and Linux coming soon.
[ ] Add the script to the public repo here: https://github.com/fleetdm/fleet/tree/main/scripts

Engineering

[ ] Database schema migrations: TODO
[ ] Load testing: TODO
[ ] Update guide -> #20179 to point to this script example.

ℹ️ Please read this issue carefully and understand it. Pay special attention to UI wireframes, especially "dev notes".

QA

Risk assessment

Requires load testing: TODO
Risk level: Low / High TODO
Risk description: TODO

Manual testing steps

Step 1
Step 2
Step 3

Testing notes

Confirmation

[ ] Engineer (@____): Added comment to user story confirming successful completion of QA.
[ ] QA (@____): Added comment to user story confirming successful completion of QA.

fleetdm / fleet

Best practice script to package Tenable agents into one .pkg #19021