rule specification versioning
This is an enhancement proposal. For tooling, rule migration, and interoperability (say, in a cluster running different versions of fapolicyd), it would be extremely beneficial to know which rule specs are compatible with which versions, and perhaps even to have a way to translate / migrate from one version to another (like when upgrading fapolicyd). For GUI tooling, for example, maybe it can only handle rule spec 2.0+, which has specific requirements on rule ordering, but fapolicyd can handle both version 1.0 (original ordering) and 2.0. The spec version is independent of the fapolicyd version. The tooling could also emit rules that are compatible with different rule spec versions based on what's deployed.
Since the current spec considers lines beginning with a '#' as a comment, perhaps the first line of the rules files going forward could begin with something like this:
# version: 1.0
So for the original version, it just gets ignored, but for later versions (2.0 and beyond), that first line with a version is required. For example:
# version: 2.0
If the version line doesn't appear, then version 1.0 is assumed (because it wasn't initially required).
There are many good ways to implement spec versioning, but the important thing is that we have a mechanism to support spec versioning.
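As an added illustration of the header convention sketched above (example code, not part of this issue or of the fapolicyd project), here is a small Python helper that a rule-editing tool could use: it reads the version from the first line only, falls back to 1.0 when the header is absent, and prepends the header when writing rules for 2.0 or later. The rule bodies in the sample files are constructed for the example.

```python
import re
from typing import Iterable, List, Tuple

# Header proposed in the issue: "# version: X.Y" on the FIRST line of the rules file.
# A 1.0-era fapolicyd sees it as an ordinary comment; newer spec versions require it.
VERSION_LINE = re.compile(r"^#\s*version:\s*(\d+)\.(\d+)\s*$")
DEFAULT_VERSION: Tuple[int, int] = (1, 0)  # assumed when no header is present

# Constructed sample rules files (illustrative rule bodies, not a real policy).
LEGACY_RULES = "allow perm=any uid=0 : all\ndeny_audit perm=any all : all\n"
V2_RULES = "# version: 2.0\nallow perm=any uid=0 : all\ndeny_audit perm=any all : all\n"
BURIED_HEADER = "allow perm=any uid=0 : all\n# version: 2.0\n"  # header not on line 1


def detect_spec_version(rules_text: str) -> Tuple[int, int]:
    """Return the (major, minor) rule-spec version a rules file declares.

    Only the first line is consulted, so a "# version:" comment further down
    is just a comment and cannot change the result; no header means 1.0.
    """
    lines = rules_text.splitlines()
    match = VERSION_LINE.match(lines[0]) if lines else None
    if match:
        return int(match.group(1)), int(match.group(2))
    return DEFAULT_VERSION


def consumer_can_handle(rules_text: str, supported: Iterable[Tuple[int, int]]) -> bool:
    """Check a file against the spec versions a consumer understands.

    A GUI that only knows 2.x would pass [(2, 0)]; a daemon that accepts both
    orderings would pass [(1, 0), (2, 0)].
    """
    return detect_spec_version(rules_text) in set(supported)


def emit_rules(rules: List[str], version: Tuple[int, int]) -> str:
    """Serialize rules for a target spec version.

    The header is mandatory from 2.0 on and harmless for 1.0 consumers (they
    read it as a comment), so it is always written on the first line.
    """
    header = f"# version: {version[0]}.{version[1]}"
    return "\n".join([header, *rules]) + "\n"


if __name__ == "__main__":
    for name, text in (("legacy", LEGACY_RULES), ("v2", V2_RULES), ("buried", BURIED_HEADER)):
        print(name, detect_spec_version(text), "gui-2.x ok:", consumer_can_handle(text, [(2, 0)]))
```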