Install and configure systemd-resolved on Bookworm AMIs

[mcdonnnj]

🗣 Description

This pull request modifies our Debian Bookworm based AMIs to use the stub DNS resolver from systemd-resolved.

💭 Motivation and context

This mirrors changes made for COOL AMIs made in cisagov/skeleton-packer#329 and discussed in https://github.com/cisagov/cool-system-internal/issues/140.

🧪 Testing

Automated tests pass. I built and deployed Bookworm AMIs using this change. I verified functionality with the following:

vulnscan1:~$ dig www.example.com

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47018
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	210	IN	A	93.184.215.14

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Aug 23 16:13:22 UTC 2024
;; MSG SIZE  rcvd: 60

vulnscan1:~$ dig +tcp www.example.com

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> +tcp www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.example.com.		IN	A

;; ANSWER SECTION:
www.example.com.	184	IN	A	93.184.215.14

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (TCP)
;; WHEN: Fri Aug 23 16:13:48 UTC 2024
;; MSG SIZE  rcvd: 60

✅ Pre-approval checklist

• This PR has an informative and human-readable title.
• Changes are limited to a single goal - eschew scope creep!
• All relevant type-of-change labels have been added.
• I have read the CONTRIBUTING document.
• These code changes follow cisagov code standards.
• All new and existing tests pass.

[dav3r]

👍