Add support for scheduled queries to run at startup

[Micah-Kolide]

This PR adds a new field for scheduled queries startup_priority which if set to a non-default value will run queries in ascending order once osqueryd starts the SchedulerRunner.

I've tested this a fair amount on MacOS, and I've attached time table of my tests showing when osqueryd initialized and when it executed the defined scheduled queries.
Time Table.csv

Here are some logs also showing the example change:

I0219 17:35:35.824323 107137088 dispatcher.cpp:78] Adding new service: SchedulerRunner (0x60000121c558) to thread: 0x17039f000 (0x6000029293c0) in process 25893
I0219 17:35:35.824326 1881698304 eventfactory.cpp:410] Event publisher fsevents run loop terminated for reason: Publisher disabled via configuration
I0219 17:35:35.824347 1882845184 scheduler.cpp:120] Executing scheduled query test_startup_priority_0_int_400: select * from processes
I0219 17:35:35.890591 1882845184 scheduler.cpp:201] Found results for query: test_startup_priority_0_int_400
I0219 17:35:35.890978 1882845184 scheduler.cpp:120] Executing scheduled query test_startup_priority_1_int_120: select * from processes
I0219 17:35:35.942234 1882845184 scheduler.cpp:201] Found results for query: test_startup_priority_1_int_120
I0219 17:35:35.942560 1882845184 scheduler.cpp:120] Executing scheduled query test_startup_priority_1_int_300_1: select * from processes
I0219 17:35:35.990871 1882845184 scheduler.cpp:201] Found results for query: test_startup_priority_1_int_300_1
I0219 17:35:35.991300 1882845184 scheduler.cpp:120] Executing scheduled query test_startup_priority_1_int_300_2: select * from processes
I0219 17:35:36.050416 1882845184 scheduler.cpp:201] Found results for query: test_startup_priority_1_int_300_2
I0219 17:35:36.050863 1882845184 scheduler.cpp:120] Executing scheduled query test_startup_priority_2_int_30_1: select * from processes
I0219 17:35:36.099247 1882845184 scheduler.cpp:201] Found results for query: test_startup_priority_2_int_30_1
...
I0219 17:36:05.949177 1882845184 scheduler.cpp:120] Executing scheduled query test_startup_priority_max_int_60: select * from processes
I0219 17:36:06.005627 1882845184 scheduler.cpp:201] Found results for query: test_startup_priority_max_int_60

[zwass]

Approved assuming no issue with my comment. Please take a look at that.

[zwass]

Is name here going to be the full name prefixed by the pack name? If not, is it possible that there's a bug in which two queries with the same name in different packs cause a collision in this code?

[Micah-Kolide]

name here is the full name with the prefix as well.

osquery/osquery/config/config.cpp

Lines 481 to 488 in 9e3535a

	void Config::scheduledQueries(
	std::function<void(std::string name, const ScheduledQuery& query)>
	predicate,
	bool denylisted) const {
	RecursiveLock lock(config_schedule_mutex_);
	for (PackRef& pack : *schedule_) {
	for (auto& it : pack->getSchedule()) {
	std::string name = getQueryName(pack->getName(), it.first);

osquery/osquery/config/config.cpp

Lines 472 to 479 in 9e3535a

	std::string getQueryName(const std::string& packName, const std::string& name) {
	// The query name may be synthetic.
	if (packName != "main") {
	return "pack" + FLAGS_pack_delimiter + packName + FLAGS_pack_delimiter +
	name;
	}
	return name;
	}

[Micah-Kolide]

A pack structure similar to:

"packs": {
  "test_pack_2": {
    "queries": {
      "test_startup_2": {...}
    }
  }
}

outputs: pack_test_pack_2_test_startup_2

[zwass]

Okay great! Thank you :)