Implement support for externally developed plugins

[jpower432]

Continuing the conversation originating from https://github.com/oscal-compass/compliance-to-policy/issues/23. The goal would be enable plugins to be developed externally without having to recompile C2P and reuse the plugins being developed in C2P Python.

Objectives

Define a plugin interface will allow externally developed plugins to be used with C2P core while allowing the reuse of existing plugins being developed in C2P Python.

Based on previous conversation with @yana1205, proposing the core plugin management logic be implemented in Go and the use of RPC based plugins.

Rationale

• External plugins allow more flexibility on what types of automation can be integrated and can be helpful when the automation or policy engine implementation is specialized (i.e. not general enough to be contributed back to C2P)
• Less to maintain in C2P and reduces the chance of bloat for every new implementation's dependencies
• Allows plugins to be reused in the different languages C2P supports. For example, the Python Auditree plugin could be reused.

Completion Criteria

I have added some high-level features I am proposing to support below. Some are brand new to C2P and some are based on the features of C2P Python for consistency.

Parity with C2P Python

• [ ] Add a plugin spec for interacting with policy engines (PVP) to include policy generate and results transformation Goal being that it is flexible to allow policy validation
• [ ] Add support for heterogeneous environment use cases meaning that C2P may interact with one or more plugins to get data incorporated into an OSCAL Assessment Result
• [ ] Support the plugin lifecycle (e.g. discovery, registration, initialization, start, stop)

New

• [ ] Add a plugin spec for interacting with remediation engines to provide remediation instructions/artifacts or implementation to remediate findings detected and stored in OSCAL Assessment Results during the scanning process. Proposing that the default behavior with no finding input be that all configured remediation data be generated or implemented.
• [ ] Add support for Assessment Plan as an input for RuleSet information (This may be partially implemented in oscal-sdk-go as a transformation from Component Definitions to Assessment Plans)

[jpower432]

Adding a link to my fork where I am testing out some of these concepts - https://github.com/jpower432/compliance-to-policy-go/tree/feat/v2-module/v2