These are already set in snapshot for CI

* Caleb thinks current failures might be a race condition.  Trying to increase timeout as he suggested to see if it resolves test issue.

This PR converts os.chmod calls to os.fchmod where possible, and
writes the pool encryption secrets to a BytesIO object rather than
a tempfile (since it's only being consumed by shutil.copyfileobj()).

Since these IDs should never change, add them to the list of
known values to avoid unnecessary pwd and grp lookups. Also use
fchmod / fchown because we already have an fds for files when
we open them.

For historical reasons we had single cacert file with manually
concatenated cacerts. Convert LDAP service to use newer
general-purpose one. Also use existing fd for fchmod call.

Ensure that temporary keytab files are generated with
0o600 permissions and that directory where they are
created has 0o700 permissions. Generally clean up
this script as well.

This contains a few improvements to permissions management in
etc plugin:

- write_if_changed is updated to allow passing an fd rather than
  only a path name
- permissions check and file contents check are now run from same
  thread.
- permissions are set on file before writing.
- set default permissions on config files to 0644 unless dev
  specifies something different.

(cherry picked from commit dc576a81)

This is a more correct way of using dir_fd with the python
builtin open() and also ensures that new file created with
correct perms.

* Add method to retrieve valid disk volumes with paths

* Migrate existing disk devices to use correct disk path

* Add merge migration

* Properly load device attributes in migration

* Make sure volume is not locked

* Update migration from stable/angelfish

* Update merge migration

* Cover up usages of disk devices

(cherry picked from commit 5b3bcaf0)

If TrueNAS is installed on a USB stick, Debian changes boot pool vdev to something like
`/dev/disk/by-id/usb-JetFlash_Transcend_16GB_XXXXXXXXXXXXX-0:0-part3`. This was not
being mapped properly.

(cherry picked from commit 95099a0f)

(cherry picked from commit 6ff40656)

(cherry picked from commit 0c851fa8)

This commit fixes an issue where we had a race condition between retrieving routing tables and the defined rules.

Sometimes disks are not mapped with their vdev guids. This happens randomly and rarely
(usually users are able to resolve this issue just by rebooting the system). I failed to
repeat this. Let's have better debugging for the future reports of this issue.

I decided to drop those awk scripts that provide "normalized" data, raw zpool output is
perfectly readable and it's much reliable to have unprocessed data in the debug.

Apart from having shared context (which is probably of negligable
benefit here). This also makes several changes to how webdav
config files are generated.

We now always ensure that password hashes are owned by webdav user and
permissions are 0o600 and use secrets.choice() rather than
random.choice() for generating hashes. A subprocess call to change
owner has also been replaced with shutil.chown(). Futher investigation
may be required in order to determine whether this chown call is
actually needed.

Remove support for TLSv1, TLSv1.1 and add support for TLSv1.3
Add webdav.cert_choices method

Convert to using the default mpm for webdav. mpm_prefork was
crashing on a NULL dereference and is most likely not a great
choice for our purposes..

Since this change means that apache server is no longer setuid,
ensure that apache is running as webdav rather than www-data
so that users don't lose access to files written by webdav.

The "-N 2" option was copied over from the nfs-kernel-server mako
file where it disabled the NFSv2 protocol. In this case, '-N'
option actually prevents rpc.statd from starting.