Improve pam_options SLE16 -related behaviour

[teacup-on-rockingchair]

Description:

• Improve pam_options related rules behaviour for SLE16. Make sure distro default configuration files from /usr/etc are not used in hardening for anything else but for source of generating default configuration in /etc from remediation scripts. Anything in /usr/etc will be changed or wiped out on upgrade so we should not rely on it for hardening

Rationale:

• Remove the special case for sle16 in OVAL, if file is missing test will FAIL
• Add preserve option when copy distro defaults to /etc for bash and ansible
• Fix tests for use_pam_wheel_group_for_su and set_password_hashing_algorithm_commonauth
• Add test for accounts_password_pam_pwhistory_remember

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

@teacup-on-rockingchair: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/4.19-images	250b05f	link	true	/test 4.19-images
ci/prow/e2e-aws-openshift-platform-compliance	250b05f	link	true	/test e2e-aws-openshift-platform-compliance

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.