[WIP] Limit parser target redirect to allowed list

[ben-grande]

Limits the parameters target= and default_target= to targets that have no previous deny rule. The previous rule file name and line number is not known and a general information is reported.

Reported-by: unman [email protected]
Fixes: QubesOS/qubes-issues#8227

[codecov]

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (9670cb5) 75.43% compared to head (ebc6a3c) 75.44%.

Files	Patch %	Lines
qrexec/policy/parser.py	71.42%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #133      +/-   ##
==========================================
+ Coverage   75.43%   75.44%   +0.01%     
==========================================
  Files          52       52              
  Lines        8874     8882       +8     
==========================================
+ Hits         6694     6701       +7     
- Misses       2180     2181       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ben-grande]

Currently fails because collect_targets_for_ask removes valid values such as @adminvm and @dispvm.

Waiting for discussion of

• RPC policy rule syntax: the difference between target= and default_target= can be confusing qubes-issues#7723

before continuing.