support policy drop-ins for rottweiler

[bcressey]

What I'd like:
I'd like the ability to override some of the hard-coded behavior in rottweiler via drop-ins:

1. PCRs for sealing keys
2. Settings to exclude

Any alternatives you've considered:
Keep the hard-coded paths. These are inflexible and won't easily extend to downstream builds. For example, we know that aws-k8s-* builds will set settings.kubernetes.hostname-override to a host-specific value, which then makes the PCR 8 measurement unique.

[bcressey]

@mikn my hope is some combination of this (making PCRs configurable) and #363 (tagging SD disks as ephemeral) will help make #721 work for your variants too.

[cbgbt]

Something that came to mind was that excluded settings could be configured via a new type of metadata in the datastore.

[bcressey]

Something that came to mind was that excluded settings could be configured via a new type of metadata in the datastore.

That makes sense, then the "exclude this" marker can live near where the setting is defined.

[mikn]

Amazing - looking forward to this!