Clear Salt cache and synchronize Salt before installing/uninstalling

[eloquence]

Towards #527

Status

Ready for review

Test plan

• With the changes from this PR locally applied, attempt a clean production or staging install using securedrop-admin and observe whether you're able to reproduce Install failure: "Recurse failed: none of the specified sources were found" #527
• With the changes from this PR locally applied, attempt an uninstall using securedrop-admin, and observe whether you see any new issues not already tracked in Warnings on uninstall, package not removed #505

If you have made changes to the provisioning logic

• All tests (make test) pass in dom0 of a Qubes install (not run yet)

• No files added/removed

[eloquence]

While we're at it, it may be reasonable to add the package cache clean operation discussed in #505 to this PR, since both changes require fairly lengthy test runs to verify. If so, happy to investigate or add a commit with a preferred command.

[eloquence]

It's worth noting there's also qubesctl saltutil.clear_cache, which does leave some scaffolding in place, but is a bit less drastic. The removal is recommended by the qubes-mgmt-salt README here.

[conorsch]

Comparing the state after running each command:

• rm -rf /var/cache/salt removes everything, as you might expect
• qubesctl saltutil.clear_cache removes only files, but leaves the directories. that sounds acceptable to me, but given that the qubes docs are still technically recommending an rm, let's do that. We also have a recent report that these commands did indeed resolve an issue Install failure: "Recurse failed: none of the specified sources were found" #527 (comment)

[conorsch]

With the changes from this PR locally applied, attempt a clean production or staging install

As part of review, I'll transition a test machine from "prod" to "staging" env, running the --uninstall action first.

[conorsch]

The introduced of these additional calls doesn't show any problems for me. It's worth nothing that there's now an error message displayed:

[CRITICAL] Specific ext_pillar interface qvm_prefs is unavailable

but that message doesn't interfere with the install or uninstall actions. I suspect it's related to an ordering problem in how the upstream qubes modules (specifically qvm_prefs) are merged into the site salt config. Given the quest for stability in the install flow, I'd prefer to merge the changes proposed here, and we can circle back to redirect stderr to dev/null if desired.