
Provide "diff" utils to limit changes made by people in different roles in the SSP workflow

Open fsuits opened this issue 3 years ago • 0 comments

Issue description / feature objectives

If editing of catalog, profile, and guidance are to be restricted based on separate repositories, and if each repository captures only the changes made upstream, there is a need to check and make sure only the allowed changes were made at each stage in the pipeline. As an example, changes to guidance prose may be allowed, but parameter values are not.

Caveats / Assumptions

  • At each editing stage in the pipeline (catalog, profile, guidance, ssp) users are working with a local repo that has a locally coherent snapshot of upstream changes
  • Editors are trusted not to make local changes to those file copies - but that is not easily enforced.
  • If an editor is only allowed to modify the guidance of a profile after generating to markdown and editing, the resulting markdown can be assembled to a json profile and compared with the original one in the repo
  • Various "diff" tools could be created to make it easy to check that only allowed changes were made at each stage - and block a PR if violations were noticed.
  • These diff tools will need to use the local copy of the upstream catalog/profile in order to make the comparison - so those should never be edited.

Completion Criteria

  • [ ] Agree with ability to trust that local files are not being edited and can serve as reference
  • [ ] If not - decide mechanism to confirm local file has not been edited prior to generating content
  • [ ] Define needed criteria at each stage in pipeline
  • [ ] Create tools needed to check changes at each stage to block or approve PR, e.g. profile_parameters_match, catalog_controls_match etc.

fsuits, Jan 28 '22 02:01
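The guidance-stage check sketched in the issue (prose edits allowed, parameter values not), as an added illustration that is not compliance-trestle code; the OSCAL-shaped profile dicts and the function names `profile_parameters_match` / `check_guidance_stage` are constructed for this example.

```python
from copy import deepcopy

# Constructed, simplified OSCAL-shaped profile (the untouched upstream copy in the local repo).
ORIGINAL = {"profile": {"modify": {
    "set-parameters": [{"param-id": "ac-1_prm_1", "values": ["quarterly"]}],
    "alters": [{"control-id": "ac-1", "adds": [{"position": "ending", "parts": [
        {"id": "ac-1_gdn", "name": "guidance", "prose": "Review the policy."}]}]}],
}}}

# Constructed edits, as if assembled back from markdown: one allowed, one not.
EDITED_OK = deepcopy(ORIGINAL)
EDITED_OK["profile"]["modify"]["alters"][0]["adds"][0]["parts"][0]["prose"] = "Review the policy annually."
EDITED_BAD = deepcopy(EDITED_OK)
EDITED_BAD["profile"]["modify"]["set-parameters"][0]["values"] = ["annually"]

def _param_values(profile):
    """Map param-id -> tuple of values from profile/modify/set-parameters."""
    sets = profile["profile"].get("modify", {}).get("set-parameters", [])
    return {p["param-id"]: tuple(p.get("values", [])) for p in sets}

def _blank_guidance_prose(profile):
    """Copy of the profile with guidance prose blanked, so prose edits are ignored."""
    out = deepcopy(profile)
    for alter in out["profile"].get("modify", {}).get("alters", []):
        for add in alter.get("adds", []):
            for part in add.get("parts", []):
                if part.get("name") == "guidance":
                    part["prose"] = ""
    return out

def profile_parameters_match(original, edited):
    """List every set-parameter that was added, removed or given different values."""
    a, b = _param_values(original), _param_values(edited)
    return [f"parameter {pid}: {a.get(pid)} -> {b.get(pid)}"
            for pid in sorted(set(a) | set(b)) if a.get(pid) != b.get(pid)]

def check_guidance_stage(original, edited):
    """Gate for the guidance stage: an empty list means only guidance prose changed."""
    violations = profile_parameters_match(original, edited)
    if _blank_guidance_prose(original) != _blank_guidance_prose(edited):
        violations.append("content other than guidance prose was changed")
    return violations

if __name__ == "__main__":
    print(check_guidance_stage(ORIGINAL, EDITED_OK))   # []
    print(check_guidance_stage(ORIGINAL, EDITED_BAD))  # two violations
```

A CI job would run this against the committed upstream copy and the freshly assembled profile, failing the PR on a non-empty result.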