Added support for multiple directories to deploy OOD extensions/customizations

[abujeda]

Experimental feature to add support for a folder based OOD extensions structure.
The idea being that administrators can deploy OOD extensions by copying a folder to the new plugins directory.

More infor about the idea in #3916

To test:
Create the plugins folder: /var/www/ood/apps/plugins
Download the attached zip file. It contains a folder with an OOD extension.
Add the folder, session_metrics, into the plugins directory.

/var/www/ood/apps/plugins
│── session_metrics
│    ├── initializers
│    ├── lib
│    └── views

The attached zip file is an OOD extension to add Job metrics to the session card.
It requires a Slurm job scheduler to work.

session_metrics.zip

Fixes #3916

[johrstrom]

This should probably be /etc/ood/config/plugins. Stuff in /var/www/ood will be overwritten on updates.

[abujeda]

fixed

[johrstrom]

I think we should likely have additional checks here for root owned files in production. I just want to be extra doubly sure that what we load in production is indeed given by an administrator.

        init_dir = installed_plugin.join("initializers")
        safe_load = init_dir.children.all? { |f| File.stat(f.to_s).uid.zero? }
        config.paths["config/initializers"] << init_dir if safe_load

@treydock any additional thoughts here on loading trusted files?

[abujeda]

I understand the need to make sure that the configuration is given by an admin, but why is this different from the ones we use for load_external_config?, ::Configuration.config_root (/etc/ood/config/apps/dashboard)?

[johrstrom]

We should patch those too, we just haven't.

[abujeda]

I made a change to verify that the plugin folders are owned by root when in production