Bump actions/checkout from 4 to 5 (#2499)

rego policy enforcer should use the same user parsing logic as GCS (#…

…2405)

This PR fixes a discrepancy between user info handling between
GCS and rego policy enforcer. For example, GCS doesn't require the
user/group to exist in container's /etc/passwd and /etc/group
and has a fallback to UID and GID 0, when the user is absent.
Rego enforcer's `GetUserInfo`, however, always tries to
lookup user/group in /etc/passwd and /etc/group and returns
an error when the UID doesn't exist. This behavior is inconsistent
with non confidential LCOW workloads and fixed in this PR.

To avoid circular imports, the spec.go and spec_devices.go under
`internal/guest/runtime/hcsv2` have been moved under
`internal/guest/spec` and the dependent code updated accordingly.
As a result a bunch of methods are now exported, but still under
`internal`, so this shouldn't cause problems.

User parsing has been updated and split into `ParseUserStr`, which
returns UID and GID for a given `username` string and `SetUserStr`,
which just sets the UID and GID for the OCI process.

Rego enforcer's `GetUserInfo` now prioritizes the result of
`ParseUserStr` and fallbacks to the previous behavior of UID/GID
lookup in container's filesystem.

Signed-off-by: Maksim An <[email protected]>

Omnibus dependabot update (#2347)

* Omnibus dependabot update

Consolidate and resolve the dependabot PRs (mostly handle nested
module):

 - 2267
 - 2296
 - 2307
 - 2315
 - 2323
 - 2324
 - 2333
 - 2334
 - 2335
 - 2336
 - 2339
 - 2340
 - 2341
 - 2345 (https://github.com/microsoft/hcsshim/security/dependabot/113)
 - 2346 (https://github.com/microsoft/hcsshim/security/dependabot/115)

Two commits: first is core updates, second is module tidy and vendor,
along with (protobuf) file regen.

Signed-off-by: Hamza El-Saawy <[email protected]>

* go mod tidy and vendor, protobuf update

Replace deprecated `github.com/opencontainers/runc/libcontainer/user`
with `github.com/moby/sys/user` (which it is an alias for).

Signed-off-by: Hamza El-Saawy <[email protected]>

---------

Signed-off-by: Hamza El-Saawy <[email protected]>

Fixing typo (#2288)

(cherry picked from commit 166e62a)

Signed-off-by: ritikaguptams <[email protected]>

Switch to using containerd/errdefs/pkg/errgrpc for grpc translation

Signed-off-by: Kirtana Ashok <[email protected]>

Update containerd to v1.7.23 (#2295)

Signed-off-by: Derek McGowan <[email protected]>

Merge pull request #2293 from dmcgowan/update-containerd-1.7.23

Update containerd to v1.7.23

Update the retracted version of github.com/veraison/go-cose

Signed-off-by: Kirtana Ashok <[email protected]>

Bump golangci/golangci-lint-action from 4 to 6

Signed-off-by: Kirtana Ashok <[email protected]>

Omnibus dependency updates (#2051)

Consolidate dependabot updates:
 - github.com//pull/2050
 - github.com//pull/2048
 - github.com//pull/2047
 - github.com//pull/2046
 - github.com//pull/2045
 - github.com//pull/2044
 - github.com//pull/2043
 - github.com//pull/2042

Signed-off-by: Hamza El-Saawy <[email protected]>
(cherry picked from commit 060de7c)
Signed-off-by: Kirtana Ashok <[email protected]>