Allow for Focal prod VM installs using local packages

[zenmonkeykstop]

Description

Prod VM environments are currently Xenial-only:

• the /prod/ Vagrant VMs are based on bento/ubuntu-16.04
• currently not all securedrop core packages are available in focal flavour on FPF prod or test repos
• there is no way to use local packages during a fresh install.

It would be helpful for the migration process to be able to provision a Focal-based prod environment (using VMs or hardware) using local packages if required.

User Research Evidence

Dev team members request.

[zenmonkeykstop]

So far so good:

• Modified Vagrantfile to optionally use Focal base box (if env var set) - vagrant up runs without issues
• as there is no focal dist defined on apt-test, tried using the upgrade scenario's app server with some tweaking as a source of focal packages, which worked but is sub-optimal, an apt server defined and provisioned in same Vagrantfile as the prod VMs would be better
• not all required packages are available on local apt server (grsec kernels are missing) so the local apt server and and FPF apt are required. Tried setting up both by:
  • adding the local apt server via a custom playbook, after SSH creds are copied but before install playbook runs
  • modifying defaults to use apt-test as per usual (but could have just left this on prod apt now I think of it)

As focal packages aren't available at all on FPF repos, this works without explicitly prioritizing them (this would have to change once they are published tho). Installation completed successfully.