Alert to customer SOC when ACL processing stops

[wilsonmar]

Feature Description

Most large enterprises have a SOC (Security Operations Center) that runs 24x7 to monitor and respond to anomalous issues identified by various monitoring systems. When, in production, processing (enforcement) of ACLs is turned off, that's something they should know about right away. This is both for customers and Consul HCP Operations.

This issue concerns ensuring that there are procedures and systems available to prove that the above works for dev, QA, pre-sales engineers, etc. within HashiCorp, and that proven instructions and training are given to customers on this topic.

Use Case(s)

This is one of several conditions in answer to the question "Are accountable parties immediately notified about anomalies and failures?" which is item LOG-13.2 - Failures and Anomalies Reporting - in the CAIQ v4 which HashiCorp customers must fill out to provide their auditors. See https://cloudsecurityalliance.org/download/artifacts/star-level-1-security-questionnaire-caiq-v4/ BTW the CAIQ (Consensus Assessment Initiative Questionnaire) is called "consensus" because it was defined for use by all cloud service providers and the Q&A is applicable to 40 audit programs (SOC2, ISO 27000, FedRamp, etc.). A public example draft for Consul is at https://wilsonmar.github.io/CAIQ4.0.1.consul/