Update EXO code to align to revised emerald baseline

[buidav]

🗣 Description

• Updates all Provider/Rego code to align to the revised EXO baseline
• Improvements to the accuracy of the Rego check for Policy Group 6 and 12.
• Does not address Update the report module to handle policies with a list of items #526 where text in the requirements can look barbaric.

💭 Motivation and context

Closes #429
Additionally Resolves #562, #563, #564, #560, #571

Addresses the EXO half of #124. Teams half still needs to be addressed.

🧪 Testing

Tested on E5, G3, G5, GCC High Tenants.

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All future TODOs are captured in issues, which are referenced
  in code comments.
• All relevant type-of-change labels have been added.
• All relevant repo and/or project documentation has been updated
  to reflect the changes in this PR.
• Tests have been added and/or modified to cover the changes in this PR.
• All new and existing tests pass.

✅ Pre-merge checklist

✅ Post-merge checklist

[adhilto]

Also addresses EXO half of #124.

[adhilto]

Overall looks good. Just two (hopefully) minor comments.

[tkol2022]

While working on the functional tests I came across a couple of conditions that I think might be worth resolving for Rego policy check 7.1 "External sender warnings SHALL be implemented". Both of these cases represent what I would consider non-compliant states according to the baseline policy and its implementation instructions. If you feel these are better scoped to a separate issue, then feel free to copy/paste them into a separate new one.

• The first non-compliant state is if the user were to implement a different "Do the following" action for the rule from what we have in the baseline. The baseline instructs the user to implement the "Prepend the subject of the message with" action but I found that I could get ScubaGear to produce a Pass even when I implemented a different action: "Set the message header".
  
  

• The second non-compliant state is if the user implements the correct action but puts a blank (or empty single space) into the message prefix input box. This would cause the email to be delivered to the user's email box and since the only thing prepended to the subject is a blank, the user wouldn't have any indicator that the message was from an external sender. I'm wondering if we should check that there is at least some text in the prefix input configuration.
  
  

[tkol2022]

Baseline document updates

Based on the writing the automated functional tests for EXO, below are some baseline document updates that I noticed. Tagging @ahuynhMITRE and @schrolla for awareness.

• Not sure if this instruction belongs here for 12.1. Step 8 to ensure Turn on safe list is not selected belongs with policy 12.2.

• Remove the instructions to implement the org-level setting which prohibits external sharing of calendar. See MS.EXO.6.2v1 does not check the Org calendar sharing settings and can produce a false Pass #560 for details.
• Clarify MS.EXO.5.1 instructions that describe enabling SMTP Auth on a per mailbox basis for exception cases. IMHO I don't think we should be encouraging the enabling of insecure protocols or including instructions on how to do that at all. See Clarify MS.EXO.5.1 per-mailbox instructions as exceptional #554 for details.
• For 16.2 EXO instructions, I'm thinking the hyperlink should go to https://github.com/cisagov/ScubaGear/blob/emerald/baselines/defender.md#msdefender52v1-instructions because that is where the actions for adding email recipients to an alert are.
  

[tkol2022]

I tested the EXO code extensively when writing the automated functional test YAML file. Bugs found have been added as separate issues. I also just added #571 based on a comment here.

[buidav]

@tkol2022 @Sloane4
Added code/baseline updates to resolve the following issues

3.1 #564
Updated baseline that DKIM Should be enabled for all domains.
Updated rego code as well to cover this

4.3 #562
added check that reports@dmarc.cyber.dhs.gov is specifically in the rua field

4.4 #563
added check that rua field has at least 2 emails and the ruf field has at least 1 email

6.2 #560
remove the external org sharing instructions in the M365 admin center from the baseline.
This setting is to be explored in #469

7.1 #571
Added condition check that the rule should be using PrependSubject (not null)
and that there is at least 1 character in the PrependSubject field.

[buidav]

@Sloane4 addressed comments. Rereview changes.
@tkol2022 there was additional bug with DMARC that a spent a few extra hours smushing for 4.3 and 4.4.
Any false positives for DKIM/DMARC should hopefully now be gone.

OOO

[buidav]

@nanda-katikaneni this is ready to merge
@ahuynhMITRE there are EXO baseline document changes in this PR