tests: add a test for systemd reading kubernetes_file_t

In the downstream BZ#1973418 [1] we are tracking a fix to the SELinux
policy in `container-selinux` to allow `systemd` to read files labeled
`kubernetes_file_t`.  This affects the ability of the `kubelet` to
start successfully on RHCOS.

The problem also exists in Fedora/FCOS, so let's add a test for it.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1973418

tests/kola/selinux/kubernetes_file_t/config.fcc

@@ -0,0 +1,21 @@
+variant: fcos
+version: 1.3.0
+storage:
+    files:
+      - path: /etc/kubernetes/envfile
+        mode: 0644
+        contents:
+          inline: |
+            KUBE="FCOS"
+systemd:
+  units:
+    - name: kube-env.service
+      enabled: true
+      contents: |
+        [Service]
+        EnvironmentFile=/etc/kubernetes/envfile
+        ExecStart=/usr/bin/echo ${KUBE}
+        RemainAfterExit=yes
+        Type=oneshot
+        [Install]
+        WantedBy=multi-user.target

tests/kola/selinux/kubernetes_file_t/test.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+set -xeuo pipefail
+
+# This test makes sure that systemd can read files in /etc/kubernetes
+# Originally reported downstream in RHCOS, but found to affect FCOS too.
+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1973418
+
+# We don't need to test this on every platform. If it passes in
+# one place it will pass everywhere.
+# kola: { "platforms": "qemu-unpriv" }
+
+ok() {
+    echo "ok" "$@"
+}
+
+fatal() {
+    echo "$@" >&2
+    exit 1
+}
+
+# verify the service didn't fail
+if [ $(systemctl is-failed kube-env.service) != 'active' ]; then
+    fatal "kube-env.service failed unexpectedly"
+fi
+ok "kube-env.service successfully started"
+
+# make sure the unit ran and wrote 'foo' to the journal
+if [ $(journalctl -o cat -u echo@foo.service | sed -n 2p) != 'FCOS' ]; then
+    fatal "kube-env.service did not write 'FCOS' to journal"
+fi
+ok "kube-env.service ran and wrote 'FCOS' to the journal"