various profile fixes

[roperzh]

Related tickets

#10775
#10678
#11024
#11026

What's happening

• Implemented the hashing mechanism defined by @mna in Edited MDM configuration profiles may fail to properly deploy to the hosts #10678, however this mechanism is mainly relevant for batch profile updates via the CLI, we can't leverage it when a host switches teams.
• Modified BulkSetPendingMDMAppleHostProfiles so when two profiles with the same identifier are sheduled both for removal and update, the function will now mark only the install as pending so it's picked by the cron, and will DELETE the remove entry from the database so it's not picked by the cron and never sent to the user.
• GetHostMDMProfiles and consequently the profiles returned in GET /api/_version_/fleet/hosts return host_mdm_apple_profiles.state = NULL as "Enforcing (pending", the distinction between status = 'pending' and status IS NULL is only useful for the cron, for users both mean the same thing, and all our profile aggregations already behave this way.
• Using the solution implemented by @gillespi314 in Reconcile MDM profiles by updating installed profiles in place #10998 we're now deleting the host row from host_disk_encryption_keys if a host is moved from a team that enforces disk encryption to a team that doesn't.

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Added/updated tests
• Manual QA for all new/changed functionality

[codecov]

Codecov Report

Patch coverage: 74.16% and project coverage change: -0.05 ⚠️

Comparison is base (da15fc8) 60.14% compared to head (6b1ddef) 60.10%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #11084      +/-   ##
==========================================
- Coverage   60.14%   60.10%   -0.05%     
==========================================
  Files         527      528       +1     
  Lines       55103    55263     +160     
==========================================
+ Hits        33143    33217      +74     
- Misses      18943    19021      +78     
- Partials     3017     3025       +8     

Impacted Files	Coverage Δ
ee/server/service/teams.go	0.00% <0.00%> (ø)
server/datastore/mysql/hosts.go	83.30% <0.00%> (+0.07%)	⬆️
server/fleet/apple_mdm.go	40.38% <ø> (ø)
server/fleet/datastore.go	0.00% <ø> (ø)
server/datastore/mysql/apple_mdm.go	72.15% <78.94%> (-0.59%)	⬇️
...ons/tables/20230408084104_AddChecksumToProfiles.go	81.81% <81.81%> (ø)
server/service/apple_mdm.go	58.11% <100.00%> (+0.17%)	⬆️

... and 2 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[gillespi314]

Looks good! I had one question on the team delete scenario.