[DFSM] Support live updates on compute nodes.

[gmarciani]

Description of changes

Add support for live updates on compute nodes, using cfn-hup. In particular:

• Move definition of dna.json from compute user data to compute launch template. In this way changes to cluster config file, which are reflected to the dna.json, are reflected on the launch template and so detectable by cfn-hup.
• Add cfn-hup configuration files.
• Add cluster config versioning to the dna.json.
• Add permissions for compute nodes to describe the resources in the compute fleet nested stack, required by cfn-init and cfn-hup to describe the stack and detect updates.
• Add permissions for compute nodes to read/write items in the DDB table, required to put the version of the cluster config file deployed in the nodes.
• Relaxed the unit test test_cluster_config_limits to unblock these changes by reducing the maximum number of queues validated by the test from 50 to 46. We will revert this relaxation in a follow up PR where we will be able to move the content causing the limit breach from the template to the AMI.
• Added new unit tests covering IAM permissions for compute nodes and generation of dna.json (generation of cfn-hup config file intentionally not covered by unit tests because we should move it to cookbook in the short term).
• Ignore bandit rules B036 and B038, that started failing in this PR but not due to the changes included in this PR (all B038 findings are also false positive)

This PR relies on aws/aws-parallelcluster-cookbook#2614

Tests

• Existing unit tests (some of them are still failing, this is the reason why the Pr is still in draft)
• New unit tests covering IAM permissions for compute nodes and generation of dna.json.
• Manual testing: cluster creation + forced update verifying that the update succeeds and the log line proving it is emitted see [DFSM] Support live updates on compute nodes. aws-parallelcluster-cookbook#2614).
• Integ test test test_update_slurm succeeded.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (2b10b88) 90.20% compared to head (088ce00) 90.21%.

❗ Current head 088ce00 differs from pull request most recent head 9ad63df. Consider uploading reports for the commit 9ad63df to get more accurate results

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #6003      +/-   ##
===========================================
+ Coverage    90.20%   90.21%   +0.01%     
===========================================
  Files          180      180              
  Lines        15808    15818      +10     
===========================================
+ Hits         14259    14270      +11     
+ Misses        1549     1548       -1     

Flag	Coverage Δ
unittests	90.21% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[enrico-usai]

The change looks good to me. I verified that all the variables used in the user-data.sh of the compute node are still populated and that we just moved the variables required for dna.json.