Add NixOS packages upgradeable #1361

Merged
merged 4 commits into from
Jan 18, 2024

Contributor

@Micah-Kolide Micah-Kolide commented Sep 21, 2023

Adding an XML exec parser for NixOS packages. nix-env with -c can check package version and output into XML or JSON format. JSON doesn't seem to return versionDiff, which is super useful on the check side, so I chose to add the XML parsing to the exec datatypes.

osquery> SELECT * FROM kolide_nix_upgradeable;
+----------------------------------+---------------------+---------------------+-----------------+-------+
| fullkey                          | parent              | key                 | value           | query |
+----------------------------------+---------------------+---------------------+-----------------+-------+
| items/item/0/-pname              | items/item/0        | -pname              | nix             | *     |
| items/item/0/-maxComparedVersion | items/item/0        | -maxComparedVersion | 2.17.0          | *     |
| items/item/0/-name               | items/item/0        | -name               | nix-2.18.0      | *     |
| items/item/0/-outputName         | items/item/0        | -outputName         |                 | *     |
| items/item/0/-system             | items/item/0        | -system             | unknown         | *     |
| items/item/0/-version            | items/item/0        | -version            | 2.18.0          | *     |
| items/item/0/-versionDiff        | items/item/0        | -versionDiff        | >               | *     |
| items/item/0/output/-name        | items/item/0/output | -name               | out             | *     |
| items/item/0/-attrPath           | items/item/0        | -attrPath           | 1               | *     |
| items/item/1/-pname              | items/item/1        | -pname              | nss-cacert      | *     |
| items/item/1/-system             | items/item/1        | -system             | unknown         | *     |
| items/item/1/-versionDiff        | items/item/1        | -versionDiff        | =               | *     |
| items/item/1/output/-name        | items/item/1/output | -name               | out             | *     |
| items/item/1/-attrPath           | items/item/1        | -attrPath           | 0               | *     |
| items/item/1/-outputName         | items/item/1        | -outputName         |                 | *     |
| items/item/1/-version            | items/item/1        | -version            | 3.92            | *     |
| items/item/1/-maxComparedVersion | items/item/1        | -maxComparedVersion | 3.92            | *     |
| items/item/1/-name               | items/item/1        | -name               | nss-cacert-3.92 | *     |
+----------------------------------+---------------------+---------------------+-----------------+-------+

This is super early in testing on a Mac, not a full NixOS install, but the general idea should work.
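An added example, not part of the pull request or the project's code: a Go sketch that decodes the XML shape implied by the table above and keeps only packages with a newer version available. The sample document, the `hello` item, and the names `Item` and `upgradeable` are this example's own; it assumes the `versionDiff` meaning given in the nix-env documentation (`<` means a newer version is available).

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Item holds the <item> attributes shown in the table above.
type Item struct {
	Pname              string `xml:"pname,attr"`
	Version            string `xml:"version,attr"`
	VersionDiff        string `xml:"versionDiff,attr"`
	MaxComparedVersion string `xml:"maxComparedVersion,attr"`
}

// Constructed sample. The first two items reuse the values from the table;
// the third ("hello") is invented to show an out-of-date package.
const sampleXML = `<items>
  <item attrPath="1" name="nix-2.18.0" pname="nix" system="unknown" version="2.18.0" versionDiff="&gt;" maxComparedVersion="2.17.0" outputName=""><output name="out"/></item>
  <item attrPath="0" name="nss-cacert-3.92" pname="nss-cacert" system="unknown" version="3.92" versionDiff="=" maxComparedVersion="3.92" outputName=""><output name="out"/></item>
  <item attrPath="2" name="hello-2.12" pname="hello" system="unknown" version="2.12" versionDiff="&lt;" maxComparedVersion="2.12.1" outputName=""><output name="out"/></item>
</items>`

// upgradeable returns the items whose versionDiff is "<", which nix-env
// documents as "a newer version is available".
func upgradeable(data []byte) ([]Item, error) {
	var doc struct {
		Items []Item `xml:"item"`
	}
	if err := xml.Unmarshal(data, &doc); err != nil {
		return nil, fmt.Errorf("parsing nix-env XML: %w", err)
	}
	var out []Item
	for _, it := range doc.Items {
		if it.VersionDiff == "<" {
			out = append(out, it)
		}
	}
	return out, nil
}

func main() {
	items, err := upgradeable([]byte(sampleXML))
	if err != nil {
		panic(err)
	}
	for _, it := range items {
		fmt.Printf("%s %s -> %s\n", it.Pname, it.Version, it.MaxComparedVersion)
	}
}
```

Under that assumption, neither row in the table above counts as upgradeable: `nix` is at `>` (installed version newer than anything compared) and `nss-cacert` is at `=`.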

@Micah-Kolide
Contributor Author

There are some questions here around multi-user installs / NixOS profiles as packages are only listed on a per profile basis. I'm looking into it more, but I might have to change this into a custom parser for handling multi profiles.

@Micah-Kolide
Contributor Author

NixOS hosts Nixpkgs releases and lists them in a GitHub repo. If we need to go the release tracker path then we should be able to pull from these sources.

@Micah-Kolide
Contributor Author

Lots of helpful info on NixOS package management here.

@CLAassistant
CLAassistant commented Dec 22, 2023

CLA assistant check
All committers have signed the CLA.

Contributor

@directionless directionless left a comment

@Micah-Kolide What's the state on this one? It looks almost ready, though the commands would need to shift to the Allowedcmd framework.

@Micah-Kolide Micah-Kolide force-pushed the micah/add_nixos_package_manager_parser branch from 70c3543 to 6c08a0e Compare January 17, 2024 22:23
@Micah-Kolide Micah-Kolide marked this pull request as ready for review January 18, 2024 16:44
@Micah-Kolide
Contributor Author

Micah-Kolide commented Jan 18, 2024

I think this will need some more testing on the Linux side, but this may just work out as hoped. seph figured we could run with it and verify data after a merge. I didn't get a good NixOS environment set up for my own testing yet, so I was hoping we might be able to use a test NixOS machine from @RebeccaMahany?

I'm going to be working on re-setting up my NixOS build, but if it wouldn't be a hassle, then I would appreciate the help with testing it.

@Micah-Kolide Micah-Kolide added this pull request to the merge queue Jan 18, 2024
Merged via the queue into main with commit 33c6fd9 Jan 18, 2024
26 checks passed
@Micah-Kolide Micah-Kolide deleted the micah/add_nixos_package_manager_parser branch January 18, 2024 17:14
@RebeccaMahany
Contributor

Relates to #868
