feat: update RPM packaging for core-only complyctl after provider split

[marcusburghardt]

Summary

Restore Fedora RPM packaging for complyctl after the provider repository split (spec 004). The complyctl RPM spec is simplified to deliver only the core CLI binary, man page, and owned provider directories. The openscap-provider sub-package and all provider-specific man pages are removed since providers are now distributed via the complytime-providers repository.

Changes in this PR (complyctl repo):

• complyctl.spec: Rewritten for core-only delivery — removes openscap-provider sub-package, builds only cmd/complyctl, adds man page (complyctl.1), adds vendor/modules.txt for automatic bundled provides, adds %doc README.md, changes Release to 1%{?dist}
• .goreleaser.yaml: Removes the openscap-plugin build entry (references removed cmd/openscap-plugin/)
• Makefile: Removes stale provider man page variables and build targets
• docs/man/c2p-openscap-manifest.*: Removed (provider-specific, belongs in complytime-providers)
• docs/man/complyctl.md: Fixes broken URL and removes stale provider man page reference
• docs/man/complyctl.1: Regenerated via make man
• docs/RELEASE_PROCESS.md: Documents independent release cycles for complyctl and complytime-providers Fedora packages
• specs/005-rpm-packaging-ci/: Full specification, plan, research, data model, contracts, and task breakdown

Companion PR needed (complytime-providers repo):

A separate PR will be submitted to complytime-providers with:

• complytime-providers.spec — two sub-packages (openscap + ampel), no main package
• .packit.yaml — full Packit CI/CD pipeline
• .fmf/version + plans/test-RPM-providers.fmf — Testing Farm integration

Related Issues

• Continuation of the provider repository split (spec 004)
• Prerequisite for complytime-providers: Fedora package review (manual, one-time)

Review Hints

• Review the three commits in sequence:

  1. Spec artifacts (docs:): specification, plan, research decisions, and task breakdown under specs/005-rpm-packaging-ci/
  2. Implementation (feat:): the actual packaging and documentation changes
  3. Cleanup (fix:): removal of stale provider man page files and Makefile cleanup

• Both rpmlint complyctl.spec and packit validate pass with zero errors.

• To build and test the RPM locally:

  # Download the source tarball
  spectool -g -R complyctl.spec
  
  # Build the SRPM
  rpmbuild -bs complyctl.spec \
    --define "_sourcedir $(pwd)" \
    --define "_srcrpmdir $(pwd)"
  
  # Build in mock (Fedora rawhide)
  mock -r fedora-rawhide-x86_64 rebuild complyctl-*.src.rpm
  
  # Verify the built RPM contains only expected files
  rpm -qlp /var/lib/mock/fedora-rawhide-x86_64/result/complyctl-*.x86_64.rpm
  
  # Expected: /usr/bin/complyctl, man page, LICENSE, modules.txt,
  #           README.md, and owned provider directories.
  # Must NOT contain any provider binaries.
  
  # Verify bundled provides are auto-generated
  rpm -qp --provides /var/lib/mock/fedora-rawhide-x86_64/result/complyctl-*.x86_64.rpm \
    | grep "bundled(golang"
  
  # Verify no provider dependencies
  rpm -qp --requires /var/lib/mock/fedora-rawhide-x86_64/result/complyctl-*.x86_64.rpm \
    | grep -E "complytime-providers|scap-security-guide" && echo "FAIL" || echo "PASS"

  Alternatively: packit build locally

• To verify GoReleaser:

  goreleaser check
  goreleaser build --snapshot --clean
  # Should produce only the complyctl binary, no openscap-plugin

• The Requires: complyctl >= 0.0.8 version in the companion complytime-providers spec is a placeholder — it should be set to the first release that includes the provider SDK rename (pkg/provider/).

[marcusburghardt]

@jpower432 and @gvauter , the spec here was very specific, so I proceed with the implementation already. I expect some other changes around release and packit when working with integration tests.