[ssh-wg] Build Python3 binary for salt-ssh
Maintain and build a Python 3 binary that will be copied over with the tarball to be included in the salt-call run. This will also be gated by a config option that a user will need to enable if they always want to use the binary option.
How are we going to build the Python 3 binary? We will build the binary statically for both the x86_64 and ARM architectures. We will include the x86_64 binary by default in the Salt-SSH package. If the ARM architecture is detected, we will show a warning telling the user to download the binary. To make downloading or upgrading the binary easier, a switch/arg will be added to the salt-ssh CLI tool that will handle this logic for both binaries. We will include the libraries required to run salt-call, as well as the pip binary. If users want to include other dependencies on top of this binary, they can use the ssh_ext_alternatives feature to include the additional dependencies.
Python Binary Security Releases: We will need to monitor our Python 3 binary and other built libraries and make sure they are kept up to date with any security releases. Since the Python 3 binary will be managed outside of the salt repo, we can do releases outside of the Salt release cycle to include these new patches and updates quickly. We will add a tool to help monitor whether there are vulnerabilities in our dependencies, either pyup or GitHub security alerts.
- [ ] Research the best way to build x86_64 python3 statically.
- [ ] Need to review the licenses of all the libraries included in the build to see if there are any licensing conflicts.
- [ ] If any issues found during the research for this task require significant changes to the original plan, we might need to open a new SEP.
Part of work towards adding this SEP: saltstack/salt-enhancement-proposals#11