add option to whitelist /var/log files from permission changes

[skullbringer]

Signed-off-by: Xaver Amberger (skullbringer) xaver95amberger@aol.com

Please ensure that you have understood contributing guide
Ensure all commits are signed-by and gpg signed

Overall Review of Changes:
RFE / new feature: add option to whitelist /var/log files from permission changes
In our environment multiple users must be able to write/delete certain application log file data, hence requiring this feature

Issue Fixes:
N/A

Enhancements:

• adds an optional variable rhel10cis_logpermissions_whitelist to exclude log files from permission changes (section 6.2.4.1)
• creates a new variable/fact logfiles_whitelist at runtime from discovered_logfiles.stdout_lines elements matching rhel10cis_logpermissions_whitelist
• whitelist checking works in a single loop without further include_tasks by creating a product of the two lists and comparing each product's two elements
• then creates logfiles_todo from the difference of logfiles_whitelist and discovered_logfiles.stdout_lines, for use in subsequent tasks

How has this been tested?:

• empty list rhel10cis_logpermissions_whitelist (default)
• one or more regex elements in rhel10cis_logpermissions_whitelist
• empty discovered_logfiles.stdout_lines by intentionally breaking find command

[github-actions]

Congrats on opening your first pull request and thank you for taking the time to help improve Ansible-Lockdown!
Please join in the conversation happening on the Discord Server as well.