Merge sd-whonix into sd-proxy

Companion PR for client change [1] with the aim of deprecating whonix,
in favor of delegating the tor connectivity aspect to sd-proxy running
arti.

Changes introduced:

1. sd-proxy connects to 'sys-firewall' directly:

    since sd-proxy is now handling tor connections, it must connect
    directly to the internet.
    It keeps the original goal of preventing the client from being able
    to connect to arbitrary domains. This is also something that
    sd-whonix did not guarantee (it could connect to arbitrary domains,
    albeit via Tor).

2. sd-whonix has access to onion service auth key

   Access done via qubes feature vm-config.SD_PROXY_ORIGIN_KEY

3. sd-whonix removed

4. Install `securedrop-proxy-config` in sd-proxy template

[1]: freedomofpress/securedrop-client#2561

Test in ci: openqa

Author: deeplow

securedrop_salt/sd-proxy.sls

@@ -11,7 +11,6 @@
 {% import_json "securedrop_salt/config.json" as d %}
 
 include:
-  - securedrop_salt.sd-whonix
   - securedrop_salt.sd-workstation-template
 
 sd-proxy-dvm:
@@ -26,7 +25,7 @@ sd-proxy-dvm:
       - template: sd-small-{{ sdvars.distribution }}-template
     - prefs:
       - template: sd-small-{{ sdvars.distribution }}-template
-      - netvm: sd-whonix
+      - netvm: sys-firewall
       - template_for_dispvms: True
       - default_dispvm: ""
     - features:
@@ -41,7 +40,6 @@ sd-proxy-dvm:
         - sd-workstation
         - sd-{{ sdvars.distribution }}
     - require:
-      - qvm: sd-whonix
       - qvm: sd-small-{{ sdvars.distribution }}-template
 
 sd-proxy-create-named-dispvm:
@@ -53,12 +51,13 @@ sd-proxy-create-named-dispvm:
       - class: DispVM
     - prefs:
       - template: sd-proxy-dvm
-      - netvm: sd-whonix
+      - netvm: sys-firewall
       - autostart: true
       - default_dispvm: ""
     - features:
       - enable:
         - service.securedrop-mime-handling
+        - service.securedrop-proxy-config
       - set:
           - vm-config.SD_MIME_HANDLING: default
           - servicevm: 1
@@ -79,5 +78,6 @@ sd-proxy-config:
     - name: sd-proxy
     - set:
         - vm-config.SD_PROXY_ORIGIN: http://{{ d.hidserv.hostname }}
+        - vm-config.SD_PROXY_ORIGIN_KEY: {{ d.hidserv.key }}
     - require:
       - qvm: sd-proxy-create-named-dispvm

securedrop_salt/sd-remove-deprecated-qubes.sls

@@ -5,7 +5,7 @@
 # WARNING: only remove when complete reinstall is assumed (e.g. 1.0.0 release)
 # This is because the workstation may have been offline for a while
 # and skipped some salt updates.
-{% for untagged_qube in ["sd-retain-logvm"] %}
+{% for untagged_qube in ["sd-retain-logvm", "sd-whonix"] %}
 
 poweroff-before-removal-{{ untagged_qube }}:
   qvm.shutdown:

securedrop_salt/sd-whonix-config.sls

@@ -17,7 +17,6 @@ base:
     - securedrop_salt.sd-proxy
     - securedrop_salt.sd-viewer
     - securedrop_salt.sd-app
-    - securedrop_salt.sd-whonix
     - securedrop_salt.sd-remove-deprecated-qubes
     - securedrop_salt.sd-remove-unused-templates
 
@@ -36,8 +35,6 @@ base:
   'sd-fedora-42-dvm,sys-usb':
     - match: list
     - securedrop_salt.sd-usb-autoattach-add
-  whonix-gateway-{{ whonix.whonix_version }}:
-    - securedrop_salt.sd-whonix-config
 
   # "Placeholder" config to trigger TemplateVM boots,
   # so upgrades can be applied automatically via cron.