[TUF autoupdater] Remove osquery client dependency

[RebeccaMahany]

Relates to #954.

This PR extracts the osquerier dependency from the library, so that we can init the library before we have an osquery client.

It also pulls out a shared function for sorting versions in the library for reuse later.

Adds a small amount of documentation about how to generate mocks with mockery, since it's done in a slightly non-standard way in this package.

Future work + linked PRs

Subsequent PRs will tackle the following (order is not set in stone):

1. A new implementation of findNewest -- already in progress here: [TUF autoupdater] Check out latest #1185
2. Point to release file <binary>/<os>/<arch>/<channel>/release.json, once available
3. Trigger a reload/restart after a successful update; launcher init performs version selection using the new update library (potentially falling back to findNew); launcher performs library tidying after version selection
4. Other improvements/refactors (ship a more up-to-date TUF repo, maybe split library parts of autoupdate/tuf out into its own package)
5. An "update now" functionality tied to control server
6. Eventually removing the old notary autoupdater

Previous work:

1. Run new TUF autoupdater side-by-side with notary autoupdater #1081
2. Expose data and metrics about new TUF autoupdater #1103
3. Point to production TUF infra #1108
4. Perform retry on TUF update #1110
5. Add library manager to handle TUF downloads #1111
6. Small autoupdate improvements #1119
7. Pass knapsack in to tuf autoupdater to simplify configuration #1168

[directionless]

Hrm. So how will this get used?

1. installed as 1.0.8
2. upgraded to 1.0.9
3. downgraded to 1.0.8

So what is executed?

My gut sense is that the complexity isn't worth it, and just downloading 1.0.8 is fine

[RebeccaMahany]

Pulled it out, more trouble than it was worth!

[directionless]

Having slept on it... I think we need something here.

There's a case that's like:

1. installed as 1.0.8
2. stable is 1.0.8
3. download 1.0.8

And that feels kinda -_-

Bt my inclination would be to push the initial versioning to main or potentially even the packaging layer.

[directionless]

Main might be clean enough. I think the hardest part here was the find-binary code. And main / extension setup should know that

[directionless]

I feel like I'm talking myself in circles here. I'm sorry the requirements aren't more clear.

[RebeccaMahany]

I've just wrapped up this commit 72db950, which I think handles what we're talking about:

1. install version is 1.0.8
2. current running version is therefore 1.0.8
3. there is no update downloaded for 1.0.8
4. we see that current running version is 1.0.8 so we don't perform the download

[directionless]

I'm not sure I understand all the nuance here, but the code feels like the right shape.