
Add sshd_set_allow_groups rule for SSH group-based access control#14774

Open

israel-villar wants to merge 1 commit into ComplianceAsCode:master from israel-villar:feat/sshd-set-allow-groups

Conversation

@israel-villar

Add a new rule and variable to enforce the AllowGroups directive in /etc/ssh/sshd_config via the sshd_lineinfile template. The rule restricts SSH access to members of a configurable group, reducing the attack surface by ensuring only authorized users can connect remotely. Map the new rule to the openssh component.

Description:

  • Add new rule sshd_set_allow_groups and variable var_sshd_allow_groups
    to enforce the AllowGroups directive in /etc/ssh/sshd_config.
  • Uses the sshd_lineinfile template.
  • Map the new rule to the openssh component.

Rationale:

  • Restricting SSH access to members of a specific group reduces the attack
    surface by ensuring only explicitly authorized users can connect remotely.
  • The existing rule sshd_limit_user_access covers AllowUsers and
    DenyUsers/DenyGroups but not the AllowGroups directive.

Review Hints:

  • One new rule directory under
    linux_os/guide/services/ssh/ssh_server/ and one .var file under
    linux_os/guide/services/ssh/.
  • The variable var_sshd_allow_groups has no default value — it must be
    set explicitly in the profile (e.g. var_sshd_allow_groups=users).
  • Build to verify: ./build_product debian13 --datastream-only

Add a new rule and variable to enforce the AllowGroups directive in
/etc/ssh/sshd_config via the sshd_lineinfile template. The rule restricts
SSH access to members of a configurable group, reducing the attack surface
by ensuring only authorized users can connect remotely.
Map the new rule to the openssh component.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
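The directive this rule enforces has a few parsing traps that a checker has to get right: `sshd` keywords are case-insensitive and accept either `Key value` or `Key=value`, a `#`-commented line does not count, the first global occurrence of a keyword wins, and an `AllowGroups` that appears after a `Match` line is conditional rather than global. The script below is an added illustration written for this review, not the PR's `sshd_lineinfile` template or its OVAL check; it reads a single config text (it does not follow `Include`), reports whether a global `AllowGroups` restricts logins to the configured group, and shows the corrected file next to the weak one. The sample `sshd_config` is constructed.

```python
"""Check and remediate the sshd AllowGroups directive (added example).

Not the ComplianceAsCode template: a stand-alone illustration of what a
check for this rule has to handle. Assumes one sshd_config text; Include
directives are not followed.
"""
import re
from typing import List, Optional, Tuple

# "Keyword value" or "Keyword=value"; keywords are alphanumeric.
_DIRECTIVE = re.compile(r"([A-Za-z][A-Za-z0-9]*)\s*=?\s*(.*)")


def _directive(raw_line: str) -> Optional[Tuple[str, List[str]]]:
    """Return (lower-cased keyword, argument list) or None for blank/comment lines."""
    line = raw_line.split("#", 1)[0].strip()   # '#' starts a comment
    if not line:
        return None
    m = _DIRECTIVE.match(line)
    if not m:
        return None
    return m.group(1).lower(), m.group(2).split()


def find_global_allow_groups(config_text: str) -> Optional[List[str]]:
    """Arguments of the first *global* AllowGroups directive, or None.

    sshd uses the first value it obtains for a keyword, and anything after a
    Match line applies only inside that block, so scanning stops there.
    """
    for raw in config_text.splitlines():
        parsed = _directive(raw)
        if parsed is None:
            continue
        key, args = parsed
        if key == "match":
            break
        if key == "allowgroups":
            return args
    return None


def check_allow_groups(config_text: str, required_group: str) -> Tuple[bool, str]:
    """Pass only if a global AllowGroups exists, names required_group, and has no wildcard."""
    groups = find_global_allow_groups(config_text)
    if groups is None:
        return False, "no global AllowGroups directive: any local account may log in"
    if any("*" in g or "?" in g for g in groups):
        return False, f"AllowGroups {' '.join(groups)!r} contains a wildcard pattern"
    if required_group not in groups:
        return False, f"AllowGroups {' '.join(groups)!r} does not include {required_group!r}"
    return True, f"SSH logins restricted to groups: {' '.join(groups)}"


def remediate_allow_groups(config_text: str, group: str) -> str:
    """Return config text with 'AllowGroups <group>' as the global setting.

    The first global AllowGroups line is replaced in place. If there is none,
    the directive is inserted before the first Match block (or appended),
    because a line placed after a Match block would only apply inside it.
    """
    out: List[str] = []
    first_match_idx: Optional[int] = None
    replaced = False
    for i, raw in enumerate(config_text.splitlines()):
        parsed = _directive(raw)
        key = parsed[0] if parsed else None
        if key == "match" and first_match_idx is None:
            first_match_idx = i
        if key == "allowgroups" and first_match_idx is None and not replaced:
            out.append(f"AllowGroups {group}")
            replaced = True
            continue
        out.append(raw)
    if not replaced:
        out.insert(first_match_idx if first_match_idx is not None else len(out),
                   f"AllowGroups {group}")
    return "\n".join(out) + "\n"


# Constructed sample: the commented line and the Match-scoped line both fail
# to provide a global restriction, so the check must report a finding.
SAMPLE_SSHD_CONFIG = """\
# constructed sample /etc/ssh/sshd_config
Port 22
PermitRootLogin no
#AllowGroups admins
Match User backup
    AllowGroups backup
"""

if __name__ == "__main__":
    ok, why = check_allow_groups(SAMPLE_SSHD_CONFIG, "users")
    print(f"before: {ok} - {why}")
    fixed = remediate_allow_groups(SAMPLE_SSHD_CONFIG, "users")
    ok, why = check_allow_groups(fixed, "users")
    print(f"after:  {ok} - {why}")
    print(fixed)
```

Running it with the PR's example value (`users`) reports the sample as failing, then inserts `AllowGroups users` ahead of the `Match` block so the restriction is global. The wildcard check matters because `AllowGroups *` is syntactically a restriction but admits every account.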
openshift-ci bot added the needs-ok-to-test label on Jun 5, 2026

openshift-ci Bot commented Jun 5, 2026

Hi @israel-villar. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
