changes made to make os_hardening compatible with immutable filesystem (atomic-container)

[millerthegorilla]

Introduced new default var os_immutable_fs which defaults to ansible_facts.pkg_mgr not 'atomic_container'.

Prevented ansible.builtin.packages and yum etc from installing or removing files on atomic_container systems, due to requirement to reboot and to use community.general.rpm_ostree instead of ansible.builtin.packages

os_hardening now runs without fail on my core_os system. I set

os_auditd_enabled: false   # auditd is already installed
os_immutable_fs: true # new var to indicate immutable filesystem.  Defaults/main.yml to 'not atomic_container'

[schurzi]

CI is currently failing because of: ansible/molecule#3883

[schurzi]

I updated our testing, can you please update your PR?

[millerthegorilla]

@schurzi I have managed to get in a mess by leaving the 'signed-off by' out of the commit message, and I just don't have time to fully comprehend the git rebase process at the moment. I have tried updating the commit messages several times, but it doesn't seem to change anything viz the checks.
Can you delete this pull request, and I will start again?

[schurzi]

Sure, sometimes a Pr gets messed up. No worries :)
I also advise to do your changes in a branch in your fork, this simplifies things and I can do updates to your PR myself. ;)

I have taken a cursory look at your PR and I would like you to use the variable os_immutable_fs in almost all places, where you do the check for immutable os. This should leed to better understandable code overall.

Other than that your changes seem to break some tests and we need to address this.