Create a csv "action plan" output

[adhilto]

💡 Summary

Create a csv version of the output with a row for each failed SHALL control and the following columns:

• "Control ID"
• "Requirement"
• "Result"
• "Criticality"
• "Details"
• "Non-Compliance Reason"
• "Remediation Completion Date"
• "Justification"

The final three columns are left blank, the csv will serve as a prepopulated template users can use to document any plans if they so choose.

Motivation and context

• To assist users with documentation
• For consistency with ScubaGear

Implementation notes

See https://github.com/cisagov/ScubaGear/blob/main/docs/execution/reports.md for a description of the file produced by ScubaGear.

This CSV file contains the test results in a format that could be automatically parsed by a downstream system, filtered down to just failing "SHALL" controls. For each failing test, it includes fields where users can document reasons for failures and timelines for remediation, if they so choose.

See the ConvertTo-ResultsCsv of function for the implementation on ScubaGear: https://github.com/cisagov/ScubaGear/blob/e25a15b017e81917dab64c1877fa9beb4e0b8bfe/PowerShell/ScubaGear/Modules/Orchestrator.psm1#L918C10-L918C30

Also see the Format-PlainText function: https://github.com/cisagov/ScubaGear/blob/e25a15b017e81917dab64c1877fa9beb4e0b8bfe/PowerShell/ScubaGear/Modules/Orchestrator.psm1#L826C10-L826C26. The details and requirement columns often contain HTML elements that don't necessarily belong in a csv file. That function reforms the HTML to be plain text. The output of ScubaGoggles will have different needs, but we'll want a similar function here too. 

Acceptance criteria

• An action plan csv is produced
• HTML elements are appropriately handled