Implement constrained extensions in RCv2#74

Merged
alsanmsft merged 18 commits into main from dev/anasanc/pep-onboardrcv2 on Jun 26, 2026
Conversation

@alsanmsft

Collaborator

As per this spec, for Constrained extensions, customers can specify what kinds of script are and are not allowed to run. Customers may want to limit their run command to only run gallery scripts, only inline scripts, or only certain allow-listed scripts.

This PR implements that logic using allowlists of hashes. The RCv2 behavior changes are as follows:

When there's a policy present, RCv2 can

  • Limit scripts it runs based on script type

  • Limit command IDs it runs based on an allowlist

  • Limit downloaded scripts it runs based on a hash allowlist (RCv2 validates the script after downloading it)

  • Validate that the user in the RunAsUser settings property is permitted by policy.

The code changes required to support this behavior are:

  • The code references the shared common library extensionpolicysettings in azure-extension-platform
  • Updates to HandlerSettings to reflect that the CommandId and ScriptType properties are being sent down from CRP
  • There is a new extensionpolicysettingsRC folder, with types relating to extensionpolicysettings (including a policy struct, a flag type, etc) in types.go and Handler Settings validation against the policy in extensionpolicysettingsRC.go
  • Unit tests for the above changes

The changes in this PR do not affect RC's existing behavior from a customer perspective, but accurately fetch information from CRP and initialize extension policy as desired. The behavior change that depends on different policy configurations is covered in UTs.
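The four policy checks listed in the description, sketched as an added example in Go. This is illustrative code, not the RCv2 handler or the azure-extension-platform extensionpolicysettings library: the ExtensionPolicy and HandlerSettings types, the ScriptType names, the error values and the choice of lowercase hex SHA-256 for the hash allowlist are all assumptions made for the example. It shows the one ordering point that matters for a downloaded script: the type, command ID and RunAsUser checks can run on the settings before anything is fetched, but the hash check has to run on the bytes that were actually downloaded, since allowlisting a URI says nothing about what is behind it at execution time.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// ScriptType is the kind of script a Run Command request carries.
// The names are assumptions for this example, not the values CRP sends.
type ScriptType string

const (
	ScriptTypeInline     ScriptType = "Inline"     // script body in settings
	ScriptTypeGallery    ScriptType = "Gallery"    // referenced by commandId
	ScriptTypeDownloaded ScriptType = "Downloaded" // fetched from a script URI
)

// ExtensionPolicy is a hypothetical constrained-extension policy. Every
// field is an allowlist, so an empty field allows nothing of that kind
// rather than meaning "unrestricted".
type ExtensionPolicy struct {
	AllowedScriptTypes  []ScriptType
	AllowedCommandIDs   []string // gallery command IDs
	AllowedScriptHashes []string // lowercase hex SHA-256 of downloaded script bytes
	AllowedRunAsUsers   []string
}

// HandlerSettings is the subset of handler settings the policy looks at.
type HandlerSettings struct {
	ScriptType ScriptType
	CommandID  string
	RunAsUser  string // empty means the extension's default user
}

var (
	ErrScriptTypeDenied = errors.New("policy: script type not allowed")
	ErrCommandIDDenied  = errors.New("policy: command id not allowed")
	ErrRunAsUserDenied  = errors.New("policy: runAsUser not allowed")
	ErrScriptHashDenied = errors.New("policy: downloaded script hash not allowed")
)

func inList(list []string, v string) bool {
	for _, x := range list {
		if x == v {
			return true
		}
	}
	return false
}

// ScriptHash returns the lowercase hex SHA-256 of script bytes, the form
// this example assumes the allowlist uses.
func ScriptHash(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// ValidateSettings runs before anything is executed. It checks the script
// type, the gallery command ID (only meaningful for gallery scripts) and
// the RunAsUser. The downloaded-script hash cannot be checked here because
// the bytes are not known until after download.
func (p *ExtensionPolicy) ValidateSettings(s HandlerSettings) error {
	allowedType := false
	for _, t := range p.AllowedScriptTypes {
		if t == s.ScriptType {
			allowedType = true
		}
	}
	if !allowedType {
		return fmt.Errorf("%w: %q", ErrScriptTypeDenied, s.ScriptType)
	}
	if s.ScriptType == ScriptTypeGallery && !inList(p.AllowedCommandIDs, s.CommandID) {
		return fmt.Errorf("%w: %q", ErrCommandIDDenied, s.CommandID)
	}
	if s.RunAsUser != "" && !inList(p.AllowedRunAsUsers, s.RunAsUser) {
		return fmt.Errorf("%w: %q", ErrRunAsUserDenied, s.RunAsUser)
	}
	return nil
}

// ValidateDownloadedScript hashes the bytes that were actually fetched and
// compares them against the allowlist. Checking the URI instead would not
// help: the content behind a URI can change between policy authoring and
// execution.
func (p *ExtensionPolicy) ValidateDownloadedScript(content []byte) error {
	got := ScriptHash(content)
	for _, want := range p.AllowedScriptHashes {
		if strings.EqualFold(strings.TrimSpace(want), got) {
			return nil
		}
	}
	return fmt.Errorf("%w: sha256=%s", ErrScriptHashDenied, got)
}

func main() {
	// Constructed sample policy: one gallery command, one pinned downloaded
	// script, one permitted RunAs user. Names are made up for the example.
	script := []byte("#!/bin/sh\necho ok\n")
	p := &ExtensionPolicy{
		AllowedScriptTypes:  []ScriptType{ScriptTypeGallery, ScriptTypeDownloaded},
		AllowedCommandIDs:   []string{"example-cleanup"},
		AllowedScriptHashes: []string{ScriptHash(script)},
		AllowedRunAsUsers:   []string{"svc-runner"},
	}
	fmt.Println(p.ValidateSettings(HandlerSettings{ScriptType: ScriptTypeInline}))
	fmt.Println(p.ValidateSettings(HandlerSettings{ScriptType: ScriptTypeGallery, CommandID: "example-cleanup", RunAsUser: "svc-runner"}))
	fmt.Println(p.ValidateDownloadedScript(script))
	fmt.Println(p.ValidateDownloadedScript([]byte("#!/bin/sh\necho pwned\n")))
}
```

The wrapped sentinel errors let the handler map each denial to a distinct exit code without parsing error strings, which is the kind of mapping the exitcodes.go thread below is about.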

@D1v38om83r (Collaborator) left a comment:

Approved with suggestions.

@D1v38om83r (Collaborator) left a comment:

Approved with comment.

alsanmsft merged commit 8cfc618 into main on Jun 26, 2026
5 checks passed
5 participants