Support testing CaC/content and openscap build from pull requests

[comps]

• For https://github.com/ComplianceAsCode/content , it means extending /plans/upstream to support --branch, or rather to rewrite git-clone to git-init + git-fetch, so we can specify a non-branch ref such as refs/pull/1234/head, effectively cloning (and building in get_content()) a content snapshot from PR #1234.
• For openscap, it would mean extending the same plan (or /plans/main.fmf for all plans) to download https://copr.fedorainfracloud.org/coprs/packit/OpenSCAP-openscap-{PR_ID}/repo/centos-stream-{versions.rhel.major}/packit-OpenSCAP-openscap-{PR_ID}-centos-stream-{versions.rhel.major}.repo to /etc/yum.repos.d and calling dnf upgrade openscap.
  • Since this adds an HTTP-style git repo (not a file:// one), the repo will be automagically used by all tests that propagate HTTP repos to VMs, incl. /hardening/{oscap,ansible,image-builder}.

[comps]

In a round-about way, this could provide an alternative to #94

We probably also want to dnf check-upgrade / exit status 100 for an openscap PR, just to verify that there's a valid build present and the test run wasn't triggered too early.