add an optional report_value attribute to all state entities in the oval-definitions-schema

[djhaynes]

This request came out of discussions at the 2010 Security Automation Developer
Days.

Here is a summary of the discussion that explains this optional attribute:

If the assumption can be made that a definition author knows which items are
most interesting to report then why not allow the author to highlight or flag
those items?

This proposal suggests adding an optional report_value attribute to all State
entities. This Boolean attribute would default to false and when true would
indicate that the system value(s) should be highlighted or reported in the OVAL
Results document. The current behavior would remain unchanged when the
report_value attribute is false.

The second component to this proposal is the addition of an
oval-res:observed_value element in the existing
oval-res:tested_item element. A oval-res:tested_item could
have an unbounded set of child oval-res:observed_value elements. Each
oval-res:observed_value would hold the name of the reported State
entity, the data type observed on the system, and the observed value.

In considering this proposal it is important to note that this is not a
complete solution. This solution would work quite well in simple cases, but
more complex definition criteria would remain difficult to process and
accurately report the underlying cause of a given Definition result. If
accepted this proposal would also result in even larger full OVAL Result
documents as it would essentially duplicate some of the data that is somewhat
buried in an OVAL Results document.

[djhaynes]

We started to write this issue up further, but decided to abort it and defer the
item for the 5.10 release. This is some additional documentation on this in resources/x-results-content-enumeration.