feat: Complete port of all KNELServerBuild components to FetchApply

- Add secharden-audit-agents functionality to security-hardening
- Create unattended-upgrades initializer for automatic security updates
- Port Dell-specific scripts (fixcpuperf, fixeth, omsa) to dell-config
- Port sslStackFromSource.sh to ssl-stack initializer (dev systems only)
- Create ldap-auth placeholder for future Cloudron integration
- Update server class to include all initializers
- Update security role to include unattended-upgrades
- Add build dependencies to packages for SSL stack compilation
- Update README with comprehensive documentation of all initializers

Now all components from KNELServerBuild are successfully ported to FetchApply,
including previously missed security modules, Dell server scripts, and RandD components.

Future migration path clear: Salt for ongoing management, Ansible for ComplianceAsCode.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>

initializers/unattended-upgrades/apply

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# KNEL Unattended Upgrades Initializer
+# Configures automatic security updates based on Debian unattended-upgrades
+
+set -euo pipefail
+
+echo "Running unattended upgrades initializer..."
+
+# Install unattended-upgrades
+DEBIAN_FRONTEND="noninteractive" apt-get -y install unattended-upgrades
+
+# Configure unattended-upgrades
+if [[ -f ./configs/50unattended-upgrades ]]; then
+    cp ./configs/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
+fi
+
+# Copy auto-upgrades configuration template
+if [[ -f ./configs/auto-upgrades ]]; then
+    cp ./configs/auto-upgrades /etc/apt/apt.conf.d/auto-upgrades
+fi
+
+# Enable unattended-upgrades service
+dpkg-reconfigure -f noninteractive unattended-upgrades
+
+echo "Unattended upgrades initializer completed"