PR for leveraged authorization constraints (issue #898)

[Rene2mt]

Committer Notes

This PR adds the constraints in issue #898. These include

• leveraged-authorization-has-authorized-users - Ensure every "system" component linked to a leveraged authorization has at least one authorized user. NOTE - Current implementation only checks that the component (that represents the leveraged authorization service) has at least one responsible-party with a role-id. Issue SSP Leveraged Authorization Component Entries #898 called for checking the party-uuid, and this can be added, however, it seems the rev 5 SSP template table 6.1 may actually be looking for role rather the the respective party.
• leveraged-authorization-has-component - Ensure every leveraged authorization entry is associated with exactly one component of type "system"
• leveraged-authorization-has-implementation-point - Ensure every "system" component linked to a leveraged authorization has exactly one implementation point property, and that it is set to "external"
• leveraged-authorization-has-information-type - Ensure every "system" component linked to a leveraged authorization has at least one information-type FedRAMP extension property
• leveraged-authorization-has-nature-of-agreement - Ensure every "system" component linked to a leveraged authorization has exactly one nature-of-agreement FedRAMP extension property

FedRAMP Developer Hub documentation changes are being prepared in a separate PR

All Submissions:

• Have you selected the correct base branch per Contributing guidance?
• Have you set "Allow edits and access to secrets by maintainers"?
• Have you checked to ensure there aren't other open Pull Requests for the same update/change?
• Have you squashed any non-relevant commits and commit messages? [instructions]
• Have you added an explanation of what your changes do and why you'd like us to include them?
• If applicable, have all FedRAMP Documents Related to OSCAL Adoption affected by the changes in this issue have been updated.? IN PROGRESS
• If applicable, does this PR reference the issue it addresses and explain how it addresses the issue?

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

[wandmagic]

i like the messages you chose for this one, great job!

[Gabeblis]

This is a good start! Just a few things that I noticed.

[Gabeblis]

Thank you for addressing my previous feedback. This looks really good! Just one small typo that I noticed.

[Gabeblis]

Looks like this PR is good to go. It just needs to be rebased @Rene2mt

[aj-stein-gsa]

Hey @Rene2mt I just wanted to check up on this and see if we want to move this forward before or after #828 and namespace shift.