Role validations

[GaryGapinski]

This request addresses issue #51 as well as other role-related constraints (the latter lack a specific issue).

[GaryGapinski]

This PR includes all role-related items other than <component> and <inventory-item> <responsible-party> and privacy PoC (all of which are separately handled).

Covers the following sections in DRAFT Guide to OSCAL-based FedRAMP System Security Plans: §4.6 through 4.11 and §4.18.

§4.20 (System Interconnections and Authorized Connections) has not yet been made a task.

[ohsh6o]

B: I am not sure how this works. I see a lot of important supporting work in this PR, but not where it trickles down into responsible-roles. Is that correct? From SSP Guide, Section 5.2, page 36.

   <metadata>
      <role id="admin-unix">
         <title>Unix Administrator</title>
      </role>
   </metadata>

  <!-- Fragment: -->
   <system-implementation>
      <user uuid="uuid-value">
         <role-id>admin-unix</role-id>
      </user>
   </system-implementation >

   <!-- system-implementation -->
   <control-implementation>
      <implemented-requirement uuid="uuid-value" control-id="ac-2">
         <!-- cut -->
         <responsible-role role-id="admin-unix" />
         <set-parameter param-id="ac-1_prm_a">
            <value>System Manager, System Architect, ISSO</value>
         </set-parameter >
         <!-- cut -->
   </control-implementation>

[ohsh6o]

LGTM

[github-actions]

XSpec Test Results

    1 files  ±0    11 suites  ±0   0s ⏱️ ±0s
354 tests ±0  263 ✔️ ±0  91 💤 ±0  0 ❌ ±0 
356 runs  ±0  263 ✔️ ±0  93 💤 ±0  0 ❌ ±0 

Results for commit 284db78. ± Comparison against base commit 284db78.