
Add Debian 13 package and service name overrides for CIS section 2 #14779

Open
israel-villar wants to merge 1 commit into ComplianceAsCode:master from israel-villar:feat/debian13-section2-service-overrides

@israel-villar

Extend existing service-disable and package-remove rules to support Debian 13 by adding pkgname@debian13 and servicename@debian13 overrides, and extending 'ubuntu' conditions to cover 'debian' products:

  • avahi: pkgname@debian13=avahi-daemon, packagename@debian13=avahi-daemon
  • bind: pkgname@debian13=bind9, packagename@debian13=bind9
  • httpd/apache2: extend ubuntu condition to debian (package=apache2, service=apache2)
  • dovecot: pkgname@debian13=dovecot-core, packagename@debian13=dovecot-core
  • openldap-clients: pkgname@debian13=ldap-utils
  • openldap-servers/slapd: pkgname@debian13=slapd, packagename@debian13=slapd
  • nfs: packagename@debian13=nfs-kernel-server
  • rsh: pkgname@debian13=rsh-client, extend ubuntu condition to debian
  • rsyncd: packagename@debian13=rsync, servicename@debian13=rsync
  • tftp: extend ubuntu condition to debian (package/service=tftpd-hpa)
  • smb/samba: servicename@debian13=smbd
  • snmp: pkgname@debian13=snmpd, packagename@debian13=snmpd
  • xorg: pkgname@debian13=xserver-common
  • gdm: pkgname@debian13=gdm3, extend ubuntu condition to debian
  • service_disabled_guard_var template: add multi_platform_debian to the platform line so chrony/timesyncd guard rules apply to Debian

Description:

Extend existing service-disable and package-remove rules to support
Debian 13 by adding pkgname@debian13 and servicename@debian13
overrides, and widening 'ubuntu' in product guards to cover
'debian' in product where needed:

  • avahi: avahi-daemon
  • bind: bind9
  • httpd/apache2: extend ubuntu → debian (package=apache2, service=apache2)
  • dovecot: dovecot-core
  • openldap-clients: ldap-utils
  • openldap-servers/slapd: slapd
  • nfs: nfs-kernel-server
  • rsh: rsh-client; extend ubuntu → debian
  • rsyncd: package=rsync, service=rsync
  • tftp: extend ubuntu → debian (package/service=tftpd-hpa)
  • smb/samba: service=smbd
  • snmp: snmpd
  • xorg: xserver-common
  • gdm: gdm3; extend ubuntu → debian
  • service_disabled_guard_var bash template: add multi_platform_debian
    so the chrony/timesyncd guard logic applies to Debian products.

Rationale:

Without these overrides the package_removed and service_disabled
templates fall back to RHEL package/service names, causing incorrect
checks and remediations on Debian 13.

Review Hints:

All changes are additive overrides or condition extensions — no existing
RHEL/Ubuntu behaviour is modified. The service_disabled_guard_var
template change adds Debian to the platform list so that the
chronyd_or_timesyncd guard runs correctly on Debian 13.

Extend existing service-disable and package-remove rules to support
Debian 13 by adding pkgname@debian13 and servicename@debian13 overrides,
and extending 'ubuntu' conditions to cover 'debian' products:

- avahi: pkgname@debian13=avahi-daemon, packagename@debian13=avahi-daemon
- bind: pkgname@debian13=bind9, packagename@debian13=bind9
- httpd/apache2: extend ubuntu condition to debian (package=apache2,
  service=apache2)
- dovecot: pkgname@debian13=dovecot-core, packagename@debian13=dovecot-core
- openldap-clients: pkgname@debian13=ldap-utils
- openldap-servers/slapd: pkgname@debian13=slapd,
  packagename@debian13=slapd
- nfs: packagename@debian13=nfs-kernel-server
- rsh: pkgname@debian13=rsh-client, extend ubuntu condition to debian
- rsyncd: packagename@debian13=rsync, servicename@debian13=rsync
- tftp: extend ubuntu condition to debian (package/service=tftpd-hpa)
- smb/samba: servicename@debian13=smbd
- snmp: pkgname@debian13=snmpd, packagename@debian13=snmpd
- xorg: pkgname@debian13=xserver-common
- gdm: pkgname@debian13=gdm3, extend ubuntu condition to debian
- service_disabled_guard_var template: add multi_platform_debian to
  the platform line so chrony/timesyncd guard rules apply to Debian

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
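
The fallback that the Rationale describes, as an added example that is not part of the PR or of ComplianceAsCode's own code: a simplified Python model of how a `key@product` template variable replaces the plain `key` for one product, plus a review list of variables that still resolve to the unqualified name. The rule table is constructed; the `@debian13` values come from the list above, while the base names, the `rhel9` product id and both function names are assumptions.

```python
# Added illustration: simplified model of product-qualified template
# variables, where "key@product" replaces "key" for that product only.
# Not the project's resolver; function names are hypothetical.

def resolve_vars(template_vars, product):
    """Return the variables a template would receive for `product`."""
    resolved = {k: v for k, v in template_vars.items() if "@" not in k}
    for key, value in template_vars.items():
        base, sep, qualifier = key.partition("@")
        if sep and qualifier == product:
            resolved[base] = value  # product-specific name wins
    return resolved


def using_base_name(rules, product):
    """List 'rule.var' entries that have no override for `product`.

    Each hit still resolves to the unqualified name and needs a manual
    check that the package or unit exists under that name on the product.
    """
    hits = []
    for rule_id in sorted(rules):
        tvars = rules[rule_id]
        for var in sorted(k for k in tvars if "@" not in k):
            if f"{var}@{product}" not in tvars:
                hits.append(f"{rule_id}.{var}")
    return hits


# Constructed sample. The @debian13 values are taken from the PR text;
# the unqualified base names are assumed for illustration.
RULES = {
    "bind": {"pkgname": "bind", "pkgname@debian13": "bind9"},
    "smb": {"servicename": "smb", "packagename": "samba",
            "servicename@debian13": "smbd"},
    "rsyncd": {"servicename": "rsyncd", "packagename": "rsync-daemon",
               "servicename@debian13": "rsync",
               "packagename@debian13": "rsync"},
    # Override deliberately left out to show the fallback case.
    "openldap-clients": {"pkgname": "openldap-clients"},
}

if __name__ == "__main__":
    for rule_id, tvars in RULES.items():
        print(rule_id, resolve_vars(tvars, "debian13"))
    print("review:", using_base_name(RULES, "debian13"))
```

A hit in the review list is not necessarily wrong; it only marks a name that was never confirmed for the product, which is where a check can pass vacuously because the package it looks for does not exist under that name.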
openshift-ci Bot added the needs-ok-to-test label Jun 5, 2026
@openshift-ci

openshift-ci Bot commented Jun 5, 2026

Hi @israel-villar. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
