Add support for post-assessment Webhook

[phenixblue]

What would you like to be added:

Add functionality to allow for calling a user defined endpoint for policy failures (possibly passes as well).

Not sure if the granularity should be a single global configuration for a MagTape installation, different endpoint per policy, etc.

should be bypassed if no config is provided

should have a timeout value and should not cause a failure in the policy assessment if the call to the endpoint fails

ideally this can happen asynchronous and be non-blocking to the end-user request

Why is this needed:

to allow for integration with existing systems for alerting/reporting

[phenixblue]

Would be nice if this could become a sort of pluggable interface allowing users to define the specific endpoint, a templates request, and expected response.

If this is done, the existing Slack alerts may be able to be migrated to this pluggable interface

[ilrudie]

In the past we'd talked about a gRPC-based sidecar service to enable offloading of the alerting work from the primary MagTape.

1. create a protocol buffer definition for message/alert "type" and service (proto3)
2. implement sidecar which implements the service (go?)
3. implement the python client functions to build a message/alert from a policy result and offload messaging to the gRPC service

If we still fancy exploring this route I think we can begin work on the protocol buffer piece and try to get an idea what the API's input and output may look like.

[phenixblue]

Sounds good. Assigning to you @ilrudie . Reach out whenever you want to sync on this.