Prerequisites

• This issue has an informative and human-readable title.

💡 Summary

Update the JSON output with new fields that were recently added to ScubaGear.

Motivation and context

• So users parsing the JSON can easily retrieve any rationales the user provided in their config file
• So users parsing the JSON can access the Details field before HTML content (i.e., the comments) was appended to it
• So users parsing the JSON can easily retrieve the remediation date or omission expiration date
• For consistency with M365

Implementation notes

See the M365 implementation here: cisagov/ScubaGear#1795

Add 4 new columns to each control result:

• OriginalResult: A string, what the result was before the annotations or omissions were processed, e.g., "Fail"
• OriginalDetails: A string, what the result details was before the annotations or omissions were processed, e.g., "Requirement met in all OUs and groups."
• Comments: An array of strings, containing the omission rationale and annotation comment, if provided. Empty array if neither was provided.
• ResolutionDate: A string, representing either the omission expiration date or annotation remediation date. If both were provided, the omission expiration date takes precedence. If neither was provided, the string "N/A"

Note that the OmittedEvaluationResult, OmittedEvaluationDetails, IncorrectResult, and IncorrectDetails fields are no longer needed. ScubaGear hasn't removed them yet to preserve backwards compatibility, but since ScubaGoggles is pre-1.0, we might consider just removing them now, since breaking changes aren't as much of a concern yet.

Acceptance criteria

• The 4 new fields have been added as described
• Decide if we should remove the OmittedEvaluationResult, OmittedEvaluationDetails, IncorrectResult, and IncorrectDetails fields
• Remove the above fields if that is the decision