
Make no-remediation waivers explicit #86

Closed
comps opened this issue Jan 15, 2024 · 4 comments
Comments

@comps
Contributor

comps commented Jan 15, 2024

Currently, there's a special piece of code that looks up failures in the scanned result set, and if a failure resulted from a rule that has no remediation, it automatically changes fail to warn:
https://github.com/RHSecurityCompliance/contest/blob/364b17e50/lib/oscap.py#L92-L94

Let's make this explicit by a single waiver rule:

.*
    Match(lib.oscap.has_no_remediation(), sometimes=True)

  • check if we can import lib directly, or if we need __init__.py
  • import lib into the list of globals available to waivers
  • update WAIVERS.md
  • add the rule to both waiver files

This turns [image: "from"] into [image: "to"].

@comps
Contributor Author

comps commented Jan 15, 2024

Actually, we can use Match(..., note="no remediation", sometimes=True) to make it more useful.

@comps
Contributor Author

comps commented Jan 15, 2024

Well, lib.oscap.has_no_remediation(...) takes a rule name as an argument, which we don't have while processing full /test/name/possibly/with/rule strings when waiving. Either the waiver line, or has_no_remediation() will have to strip out the basename of that and check if it's a valid rule name in the no-remediation list.
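
The two pieces discussed in this thread, a has_no_remediation() that accepts either a bare rule name or a full test/result path (taking the basename as the rule), and a single catch-all `.*` waiver that turns a fail into a warn with a "no remediation" note, as one added example. This is illustrative code, not code from the contest project; the rule list, the Match class and waive_result() are assumptions made for the example.

```python
"""
Added example (not the contest project's code): a minimal waiver step that
treats a failing result for a rule without remediation as 'warn', deriving
the rule name from a test / result path. NO_REMEDIATION_RULES, Match and
waive_result are assumed names for this example only.
"""
import re
from dataclasses import dataclass

# Constructed sample of rule IDs that are known to have no remediation.
NO_REMEDIATION_RULES = frozenset({
    "xccdf_org.ssgproject.content_rule_example_no_fix",
    "xccdf_org.ssgproject.content_rule_another_manual_rule",
})


def has_no_remediation(*, rule=None, test=None):
    """
    Return True if a rule has no remediation. The rule is given either
    directly by name (rule=) or parsed from a test / result name (test=),
    in which case the last path component is taken as the rule name.
    """
    if (rule is None) == (test is None):
        raise ValueError("pass exactly one of rule= or test=")
    if test is not None:
        rule = test.rstrip("/").rsplit("/", 1)[-1]
    return rule in NO_REMEDIATION_RULES


@dataclass
class Match:
    """Waiver condition: a callable evaluated against a result name."""
    cond: object
    note: str = ""
    sometimes: bool = False  # the waiver is allowed to never match

    def __call__(self, name):
        return bool(self.cond(name))


# Waiver rules as (regex over the result name, Match). The '.*' regex
# mirrors the single catch-all rule proposed in the issue.
WAIVERS = [
    (re.compile(r".*"),
     Match(lambda name: has_no_remediation(test=name),
           note="no remediation", sometimes=True)),
]


def waive_result(name, status):
    """Return (status, note): a matching waiver turns 'fail' into 'warn'."""
    if status != "fail":
        return status, ""
    for regex, match in WAIVERS:
        if regex.fullmatch(name) and match(name):
            return "warn", match.note
    return status, ""
```

The basename split is deliberately the only parsing done: a waiver regex still sees the full `/test/name/possibly/with/rule` string, while the membership check sees just the rule ID, so the two sources of truth mentioned later in the thread (waiver file and no-remediation list) stay separate.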

@comps
Contributor Author

comps commented Jan 16, 2024

Well, I've spent a few hours trying to make importlib.import_module() actually import from a specific relative parent directory, but it unfortunately doesn't take a custom FileFinder() produced by pkgutil.iter_modules(),

import importlib
import pkgutil
import types

def import_wildcard(directory):
    """
    Import all python modules under a specific directory,
    return a SimpleNamespace containing all the modules.
    """
    ns = types.SimpleNamespace()
    for mod_data in pkgutil.iter_modules([directory]):
        # pkgutil yields (module_finder, name, ispkg); only the name is used
        _, name, _ = mod_data
        # relative name with no package= argument, and the finder from
        # pkgutil is never consulted by import_module()
        mod = importlib.import_module(f'.{name}')
        setattr(ns, name, mod)
    return ns

and while we could probably hack something together using importlib.abc primitives, it all seems like a giant hammer for the simple idea of passing lib to the waiving environment.

Honestly, it might be better to just pass no_remediation() as a single function to the waivers, instead of building a custom logic for loading modules, just so we can load lib from inside lib/waive.py to pass it to waivers.

We would also avoid the duality of

def has_no_remediation(*, rule=None, test=None):
    """
    Return True if the specified rule, given either directly by name
    (rule arg) or parsed from a test / result name (test arg),
    has no remediation. Return False otherwise.
    """

and could leave it for rule name only (in code) and have the waivers-visible no_remediation() use test/result name.
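
For reference, one way to do what the comment above tried, importing every module under a directory into a SimpleNamespace without going through importlib.import_module() and its package-relative naming, is to load each file by path with importlib.util. This is an added example, not the contest project's code and not the route the author chose; the temporary `lib` directory, its two modules and the `_wildcard_` module-name prefix are all constructed for the example.

```python
"""
Added example (not contest's code): import every plain module under a
directory into a SimpleNamespace by loading each file by path with
importlib.util. A throwaway 'lib' directory is built in demo() so the
example runs stand-alone; its contents are constructed sample data.
"""
import importlib.util
import pkgutil
import sys
import tempfile
import types
from pathlib import Path


def import_wildcard(directory):
    """
    Import all python modules found directly under 'directory' and return
    a SimpleNamespace with one attribute per module. Modules are loaded
    from explicit file paths, so no package or sys.path entry is needed.
    """
    directory = Path(directory)
    ns = types.SimpleNamespace()
    for _finder, name, is_pkg in pkgutil.iter_modules([str(directory)]):
        if is_pkg:
            continue  # plain modules only for this example
        path = directory / f"{name}.py"
        # Unique module name so nothing already in sys.modules is clobbered.
        mod_name = f"_wildcard_{directory.name}_{name}"
        spec = importlib.util.spec_from_file_location(mod_name, path)
        mod = importlib.util.module_from_spec(spec)
        sys.modules[mod_name] = mod  # register before exec, as the import system does
        spec.loader.exec_module(mod)
        setattr(ns, name, mod)
    return ns


def demo():
    """Build a throwaway 'lib' directory with two modules and import it."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "lib"
        lib.mkdir()
        (lib / "oscap.py").write_text(
            "NO_REMEDIATION = {'rule_a'}\n"
            "def has_no_remediation(rule):\n"
            "    return rule in NO_REMEDIATION\n"
        )
        (lib / "util.py").write_text(
            "def basename(s):\n"
            "    return s.rsplit('/', 1)[-1]\n"
        )
        ns = import_wildcard(lib)
        rule = ns.util.basename("/hardening/oscap/rule_a")
        return sorted(vars(ns)), ns.oscap.has_no_remediation(rule)
```

Whether this is lighter than the "giant hammer" the comment describes is a judgement call; it avoids custom finders, but the waivers still end up depending on a module-loading helper rather than on a single function handed to them.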

@comps
Contributor Author

comps commented Jan 16, 2024

Unfortunately, there's no Match(..., note= available and implementing it just so we can verbosely add "no remediation" to the results, while already concatenating note from three places (adding a fourth), would probably be too much.

So let's drop this issue. Some work done: d77c42a, and the problem of having 2 sources of truth (waivers) is still valid, but the solution may be worse than the problem.

Not to mention how much more difficult to solve it would make #87.

@comps comps closed this as completed Jan 16, 2024