Feat: Add OpenEoX Hardware Lifecycle Scanner

[PrudhviChanda]

Add OpenEoX Hardware Lifecycle Scanner for NetBox 4.4+

🗣 Description

This PR introduces a new NetBox script (hardware_lifecycle_auditor.py) designed to ingest standard OpenEoX JSON feeds to automate the identification of End-of-Support (EOS) hardware.

Additionally, this PR updates netbox/scripts/netbox_init.py to programmatically stage and register custom scripts via the Django ORM. This bypasses the NetBox 4.4+ syncdatasource symlink restrictions and Docker ConfigMap read-only file system errors (rsync: mkstemp failed: Read-only file system (30)) that previously prevented custom Malcolm scripts from loading.

Features of the Auditor:

• Parses OpenEoX JSON from authenticated remote URLs (via an Auth Header input) or local file uploads.
• Dynamically applies Lifecycle: End of Support and Lifecycle: Supported NetBox tags to active inventory.
• Generates an inline, formatted CSV report of compliant and non-compliant devices.

💭 Motivation and context

This change is driven by CISA BOD 26-02(https://www.cisa.gov/news-events/news/end-just-beginning-better-security-enhanced-vulnerability-management-openeox), which mandates agencies to identify and remove End-of-Support edge devices.

By natively tagging devices in NetBox based on the OpenEoX standard, Malcolm's backend Logstash workers can automatically pull these tags and enrich Zeek/Suricata network traffic logs in OpenSearch. This bridges the gap between physical asset vulnerabilities and live network traffic monitoring.

🧪 Testing

Environment: Malcolm Docker deployment with NetBox 4.x.

Steps Performed:

1. Validated the netbox_init.py shim correctly copied the script from /usr/local/bin/ to the writable /opt/netbox/netbox/scripts/ directory and successfully registered the ScriptModule without triggering Docker permission crashes.
2. Created a mock C1111 Cisco device in NetBox and marked it as Active.
3. Executed the script against a remote OpenEoX JSON payload hosted on a GitHub Gist.
4. Verified HTTP 404/JSON parsing error handling.
5. Confirmed the script respected the NetBox "Dry Run" database protections until the Commit changes box was checked.
6. Verified the correct application of the red Lifecycle: End of Support tag to the device profile and the generation of the CSV output block.

📷 Screenshots (if appropriate)

1. The Script UI:

2. The CSV Output:

3. The Device Tag:

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All future TODOs are captured in issues, which are referenced in code comments.
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All relevant repo and/or project documentation has been updated to reflect the changes in this PR.
• Tests have been added and/or modified to cover the changes in this PR.
• All new and existing tests pass.
• Bump major, minor, patch, pre-release, and/or build versions as appropriate via the bump_version script if this repository is versioned and the changes in this PR warrant a version bump.
• Create a pre-release (necessary if and only if the pre-release version was bumped).

✅ Pre-merge checklist

• Revert dependencies to default branches.
• Finalize version.

✅ Post-merge checklist

• Create a release (necessary if and only if the version was bumped).