Allow to configure fleetd for script execution

[roperzh]

Related to #13310 and #13304 this adds two ways to enable script execution in fleetd (the orbit component)

• By building a package with --enable-scripts
• By providing a setting via a configuration profile (macOS only)

Due to how the profile assignment works, this change automatically updates the com.fleetdm.fleetd.config for hosts that already have the profile installed.

Note

Documentation is in #13577 to decouple reviews.

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/ or orbit/changes/.
  See Changes files for more information.
• Added/updated tests
• Manual QA for all new/changed functionality
  • For Orbit and Fleet Desktop changes:
    • Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
    • Auto-update manual QA, from released version of component to new version (see tools/tuf/test).

[codecov]

Codecov Report

Patch coverage: 100.00% and project coverage change: -0.06% ⚠️

Comparison is base (3755264) 58.85% compared to head (cad9fd7) 58.80%.
Report is 7 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13564      +/-   ##
==========================================
- Coverage   58.85%   58.80%   -0.06%     
==========================================
  Files         891      892       +1     
  Lines       72980    73109     +129     
  Branches     2079     2079              
==========================================
+ Hits        42955    42990      +35     
- Misses      26580    26669      +89     
- Partials     3445     3450       +5     

Flag	Coverage Δ
backend	59.34% <100.00%> (-0.07%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
orbit/pkg/packaging/linux_shared.go	0.00% <ø> (ø)
orbit/pkg/packaging/packaging.go	0.00% <ø> (ø)
server/fleet/apple_mdm.go	35.93% <ø> (ø)
cmd/fleetctl/package.go	79.67% <100.00%> (+0.40%)	⬆️

... and 8 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mna]

Nice! Will integrate this in my PR as soon as it merges.

[mna]

Not sure I understand why adding the new flag makes that unnecessary?

[mna]

Ah I think I see, the ErrNotFound is not returned anymore when secret+ url are empty, but that doesn't matter because anyway we check if any of those are empty don't use them if that's the case.