Auditd configuration files in /etc/ should not be managed by auditd::log_group. Introduce a new variable, e.g. auditd::config_group. Modify $config_file_mode to utilize auditd::config_group as a ternary. Update all audit files managed within /etc/ to use the new auditd::config_group and update permissions as needed.
We are facing issues stemming from this as well. We need to be able to modify the log group such that Filebeat can manipulate the log content at certain intervals. We are getting the symptoms from our Filebeat, but if I go into the container and manipulate the log file to be able to be managed by Filebeat, I get a ton of permission-denied log entries. I ultimately was able to change the auditd Puppet module locally, hard-coding the log file value itself, but this feels like a really hacky fix and like something I probably should not do in the grand scheme of things.
nick-markowski changed the title from "Allow users to manage /var/log/audit group independent from $auditd::log_group" to "Allow users to manage /etc/audit/* group independent from $auditd::log_group" on Mar 3, 2023