Apple Updates URL cannot be local file

[selfcommit]

This issue is being presented as an opportunity for the Github community to make any further suggestions about implementation before an attempt is made to implement a solution.

Work will start on or about July 13

Details from the Simian feature request doc are below:

Problem:
Apple SoftwareUpdateServerURL can not be a local file, as of OSX 10.11
This leaves only a public, or otherwise unauthenticated URL as the only working option.
It is NOT recommended to use a public URL, as this provides an attack surface.

Solution:
Use Simian's token system to generate a client specific, and short lived url for apple updates.

[maximermilov]

working on this right now.

Simian will include an auth token in the CatalogURL, and update it during it's hourly execution. This token could be client-specific, or organization-wide, with any expiration timeline >~1 hour. It could be a query parameter, or part of the path, and the filtered catalogs could be computed and served by App Engine on-demand. This seems like the cleanest approach, as it puts full control into our hands again, requires no client-side working around the new OS X restriction, and doesn't run another daemon which consumes memory/CPU/etc., must be monitored/etc.