usnistgov / OSCAL

Open Security Controls Assessment Language (OSCAL)
https://pages.nist.gov/OSCAL/

Building demo Schematron for catalog and profile formats #400

Closed wendellpiez closed 4 years ago

wendellpiez commented 5 years ago

User Story:

We are planning a more robust layer for extra-XSD validation of XML content by means of a declarations model or equivalent (see #46).

However, we already have a number of validations that could be usefully deployed in Schematron (possibly one each for catalogs and profiles), both for demonstration and to deliver useful functionality in the meantime.

At least the following could be validated:

  1. Internal link checking (see oscal-links.sch in src/utils/schematron)
  2. Date checking -- full ISO date-time (xsd:dateTime) with time zone (see #399)
  3. Restrictions on @name in context (given an implicit or explicit 'oscal' value on @ns)
  4. Validate that any controls included in the profile that have parameters (in the catalog) have the 'same' parameters in the profile
  5. Same for points of insertion in the catalog. Ensure included controls do not have insert elements that don't have corresponding parameters. (Note this is a warning inasmuch as controls can provide default values for parameters, so a profile not including one is not actually an error.)
  6. Validate that parameters named in the profile are used (actually inserted) in controls included in the profile

Goals:

Demonstrate Schematron validation. Provide more checking on these constraints pending a more generalized solution possibly working from Metaschema.

Dependencies:

Reasonably stable data.

Acceptance Criteria:

  1. A Schematron can be demonstrated for either or both catalog and profile formats, providing useful validations and cross-checks
  2. Some documentation has been provided (at least a readme)
  3. A PR has been submitted with the Schematron and docs
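As an added illustration of items 1 and 2 above (not the project's own oscal-links.sch, and not code from the issue author): a minimal ISO Schematron with the XSLT 2 query binding that flags same-document `href="#..."` references with no matching `@id`, and `last-modified` values that are not full `xs:dateTime` values with a time zone. The OSCAL namespace URI and the `metadata/last-modified` element are assumptions; adjust them to the schema revision in use.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the project's oscal-links.sch. Namespace URI and the
     metadata/last-modified element are assumed; change them to match the schema. -->
<sch:schema xmlns:sch="http://purl.oclc.org/dsdl/schematron" queryBinding="xslt2">
  <sch:ns prefix="o"  uri="http://csrc.nist.gov/ns/oscal/1.0"/>
  <sch:ns prefix="xs" uri="http://www.w3.org/2001/XMLSchema"/>

  <!-- Item 1: every same-document reference (href="#id") must resolve to an @id -->
  <sch:pattern id="internal-links">
    <sch:rule context="*[@href[starts-with(., '#')]]">
      <sch:let name="target" value="substring(@href, 2)"/>
      <sch:assert test="exists(//*[@id = $target])" role="error">
        Internal reference '<sch:value-of select="@href"/>' does not match any @id in this document.
      </sch:assert>
    </sch:rule>
  </sch:pattern>

  <!-- Item 2: timestamps must be full xs:dateTime values that carry a time zone -->
  <sch:pattern id="datetime-with-zone">
    <sch:rule context="o:metadata/o:last-modified">
      <sch:assert test=". castable as xs:dateTime" role="error">
        '<sch:value-of select="."/>' is not a valid xs:dateTime.
      </sch:assert>
      <!-- timezone-from-dateTime() returns the empty sequence when no zone is present -->
      <sch:assert test="not(. castable as xs:dateTime)
                        or exists(timezone-from-dateTime(xs:dateTime(.)))" role="error">
        '<sch:value-of select="."/>' has no time zone; use 'Z' or an explicit offset such as -05:00.
      </sch:assert>
    </sch:rule>
  </sch:pattern>
</sch:schema>
```

Run it with any ISO Schematron implementation that supports the xslt2 binding; a `2019-03-01T12:00:00` value without zone and an `href="#ac-1"` with no `id="ac-1"` in the file each produce one error-level report.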

wendellpiez commented 5 years ago

See requirements for metadata/oscal-version (#57) for another data point to validate.

wendellpiez commented 5 years ago

Also - when a flag is marked as 'primary' on a field, its value may not be equal to the names of any flags permitted on the same field. (Since this will blow up JSON conversion.)