Add package to perform path lookups and validations for commands

[RebeccaMahany]

Recommendations for reviewing

This PR got a little larger than I intended. This is the order I recommend reviewing the PR in and what I think it's useful to pay attention to in each section.

1. pkg/allowedcmd -- this is the new package that handles allowlisting for binaries. I would look especially at validatedCommand and allowSearchPath, which is the majority of the logic changes for this PR. The rest is mostly boilerplate.
2. .golangci.yml -- this contains a new linting rule to ensure we don't use exec.Command and exec.CommandContext in the future.
3. pkg/ptycmd -- this package was removed because it is not in use and would not allow for easy usage of allowedcmd.
4. Everything else in cmd, ee, and pkg -- these are just updates to use the new allowedcmd package. These are helpful to review to get a sense of how you can use allowedcmd in the future.

Description

Update all usages of exec.Command and exec.CommandContext to no longer perform path lookups, instead using a new allowedcmd package to allowlist paths to binaries. In the case where the path cannot be allowlisted (e.g. when using Nix, the install path may be in /nix/store stored in an unknown location), perform lookup in the PATH.

Links

Closes #833

Relates to #896

Testing notes

Areas to regression test

• Desktop runs on macOS
• Desktop runs on Linux
• Desktop runs on Windows
• Notifications work on macOS
• Notifications work on Linux
• Opening URLs from notifications works on macOS
• Opening URLs from notifications works on Linux
• Opening URLs from the menu bar works on macOS
• Opening URLs from the menu bar works on Linux
• Opening URLs from the menu bar works on Windows
• Gnome Extensions checkup works the same as it did before (Linux only)
• Launchd checkup works (macOS only)
• Network Report checkup works on macOS
• Network Report checkup works on Linux
• Network Report checkup works on Windows
• Osquery checkup works on macOS
• Osquery checkup works on Linux
• Osquery checkup works on Windows
• Power Report checkup works (Windows only)
• Service Report checkup works (Windows only)
• Live-querying tables works on macOS, including: kolide_diskutil_list, kolide_apfs_list, kolide_apfs_users, kolide_tmutil_destinationinfo, kolide_powermetrics, kolide_remotectl, kolide_softwareupdate, kolide_softwareupdate_scan, kolide_touchid_system_config, kolide_touchid_user_config, kolide_mdm_info, kolide_spotlight, kolide_apple_silicon_security_policy, kolide_filevault, kolide_firmwarepasswd, kolide_ioreg, kolide_mdmclient, kolide_profiles, kolide_pwpolicy, kolide_system_profiler
• Live-querying tables works on Linux, including: kolide_lsblk, kolide_apt_upgradeable, kolide_dpkg_version_info, kolide_cryptsetup_status, kolide_gsettings, kolide_gsettings_metadata, kolide_xrdb
• Live-querying tables works on Windows, including: kolide_dsregcmd, kolide_dsim_default_associations, kolide_secedit

[directionless]

nice. Really glad to see a linter for this

[directionless]

With the caveat that I did not review all the calls. This looks pretty good. I'd accept it, though I wanted to let other people take a look before approving.

There's a couple of small nits I saw, I think they're ignorable.

I really like the compile safety

[directionless]

Suggested change

	func Gnomeextensions(ctx context.Context, arg ...string) (*exec.Cmd, error) {
	func GnomeExtensions(ctx context.Context, arg ...string) (*exec.Cmd, error) {

Not really important, but I'd probably use camel case

[RebeccaMahany]

Ah yeah, I have a bunch of these to update, then. I was waffling on how to capitalize anything with abbreviations in it (e.g. bputil -- BPUtil or BpUtil) and this was my solution for not having to decide 😅 .

[RebeccaMahany]

I have, at least, now adjusted casing for any command with punctuation in it (so falcon-kernel-check/Falconkernelcheck is now FalconKernelCheck and gnome-extensions/Gnomeextensions is now GnomeExtensions).

[zackattack01]

this looks understandable/useable and much safer, appreciate all the comments and the new linter! looks great 🔥

[James-Pickett]

Wow this is pretty cool, much better. I did not review every single cmd that was updated, but went over a few to understand how it works.