[master] Distribute saltexts in salt-ssh thin package

[lkubb]

What does this PR do?

Adds packages that provide a salt.loader entrypoint to the Salt-SSH thin archive.

What issues does this PR fix or reference?

Fixes: #66559

(marginally related: saltstack/salt-bootstrap#1975 https://gitlab.com/saltstack/pop/heist-salt/-/issues/9 https://gitlab.com/saltstack/pop/heist-salt/-/issues/73)

Previous Behavior

No way of using Salt extensions via Salt-SSH

New Behavior

Salt extensions can work via Salt-SSH

Merge requirements satisfied?

• Docs
• Changelog - https://docs.saltproject.io/en/master/topics/development/changelog.html
• Tests written/updated

Commits signed with GPG?

Yes

Additional context

Definite issues:

• Extension requirements are not included (same as for custom extmods - but in many cases they could be, I suspect, at least explicitly - defined by the extension.)

Possible issues:

• Not sure if I'm missing something obvious, this is very far out of my comfort zone
• The entry_points.txt file stats are not set at all (we could just include the file itself if the filtering is unnecessary, but I'm not exactly sure how to get the absolute path to it without accessing an internal attribute)
• No support for the alternatives system in the current form

I don't think this has any security implications since the modules are loaded on the master anyways.

[lkubb]

@max-arnold You might be interested in this.

It would be awesome if @s0undt3ch could leave a comment [since you're probably the most knowledgeable in this domain :)].

[max-arnold]

Cool, thanks for tagging me!

Didn't test your changes yet (will have some time next week), but there are two features this might potentially interfere with (i.e. worth checking):

1. Does it work with enable_ssh_minions master mode?
2. Are there potential implications/duplication related to --min-extra-modules and --thin-extra-modules options for salt-ssh CLI?

Also, are there any downsides of enabling this flag by default? I guess this can be done via Saltfile if someone doesn't want to always specify the CLI flag, but maybe this option being True by default will result in a better experience out of the box?

[lkubb]

Cool, thanks for tagging me!

Thanks for answering :)

Also, are there any downsides of enabling this flag by default? I guess this can be done via Saltfile if someone doesn't want to always specify the CLI flag, but maybe this option being True by default will result in a better experience out of the box?

Two (likely minor) issues that come to mind are a) a minor processing overhead b) possibly some issues where new libs are introduced into an environment that weren't there before.
I agree we should consider making this the default behavior if it seems stable though.

Note: Since thin_include_saltexts is read from opts, it should be possible to just enable it in the master opts. I didn't do it like that in the test since it was more straight-forward with the flag, but will test manually if it works as intended.

1. Does it work with `enable_ssh_minions` master mode?

If enabled in the master opts, it should work.

2. Are there potential implications related to `--min-extra-modules` and `--thin-extra-modules` options for `salt-ssh` CLI?

min) This does not touch gen_min at all - Should it? I'm not familiar with it tbh.
thin) Something that comes to mind is that if a saltext or one of its submodules is specified in there, it might be included twice. Not sure if that causes issues, but it might be a good precaution to at least deduplicate the autodiscovered mods from the existing ones.

[max-arnold]

I too have no idea what --min-extra-modules does (and what "Minimal Salt" is used for), mentioned it just in case