Revisit OVAL for "accounts_max_concurrent_login_sessions" rule to follow proper order of setting directives #1329

@iankko

Description

See #1316 (comment) and https://access.redhat.com/solutions/199993 -- the settings from /etc/security/limits.conf and /etc/security/limits.d/*.conf are parsed (honoured) in the following order:

After reading /etc/security/limits.conf, individual files from the
/etc/security/limits.d/ directory are read. The files are parsed one after another in
the order of "C" locale. So the order will be special characters, numbers in
ascending order, uppercase letters and lowercase letters in alphabetical order.
If two files have same entry, then the entry read last will be taken in effect.

Current accounts_max_concurrent_login_sessions OVAL implementation doesn't follow this logic -- having e.g. configuration like:

/etc/security/limits.conf:63:*       hard    maxlogins 1
/etc/security/limits.d/90-maxlimits.conf:1:*       hard    maxlogins 14

It will incorrectly report PASS even when it should FAIL (since 14 is the final value that will be used / honoured as a setting for maxlogins directive according to the aforementioned order).

We need to rewrite the shared OVAL for accounts_max_concurrent_login_sessions to follow the checks in aforementioned order.
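The resolution order described in the issue, written out as an added Python example (not code from the issue, from the ComplianceAsCode project, or from the OVAL itself). It reads limits.conf first, then the limits.d drop-ins in "C"-locale (byte) order, lets the last matching entry win, and compares that single effective value against an allowed maximum. The sample file contents, the allowed maximum of 10, and the function names are constructed for illustration; the current OVAL's "any entry is compliant" behaviour is reproduced in `any_entry_within_limit` so the two results can be compared on the issue's own configuration.

```python
"""Resolve the effective pam_limits `maxlogins` value the way the issue describes.

Assumed model (quoted from the Red Hat solution in the issue):
  1. /etc/security/limits.conf is read first,
  2. then each /etc/security/limits.d/*.conf in "C"-locale (byte) order,
  3. when two files carry the same entry, the one read last is in effect.
"""
import os
from typing import Dict, List, Optional, Tuple

LIMITS_CONF = "/etc/security/limits.conf"
LIMITS_D = "/etc/security/limits.d"

# Constructed sample mirroring the issue: limits.conf says 1, a later drop-in
# says 14, so 14 is what pam_limits will actually enforce.
SAMPLE_FILES: Dict[str, str] = {
    LIMITS_CONF: (
        "# /etc/security/limits.conf (constructed sample)\n"
        "*       soft    core      0\n"
        "*       hard    maxlogins 1\n"
    ),
    f"{LIMITS_D}/90-maxlimits.conf": "*       hard    maxlogins 14\n",
    f"{LIMITS_D}/20-nproc.conf": "*       soft    nproc     4096\n",
}


def files_in_parse_order(paths) -> List[str]:
    """Order paths as pam_limits reads them: limits.conf, then limits.d/*.conf
    sorted by basename as raw bytes (equivalent to "C" locale collation)."""
    ordered = [p for p in paths if p == LIMITS_CONF]
    dropins = [p for p in paths
               if os.path.dirname(p) == LIMITS_D and p.endswith(".conf")]
    ordered.extend(sorted(dropins, key=lambda p: os.path.basename(p).encode()))
    return ordered


def maxlogins_entries(files: Dict[str, str], domain: str = "*"):
    """Yield (value, path, lineno) for every hard maxlogins entry for `domain`,
    in parse order. A type of '-' sets both soft and hard, so it counts too."""
    for path in files_in_parse_order(files):
        for lineno, raw in enumerate(files[path].splitlines(), 1):
            line = raw.split("#", 1)[0].strip()  # strip comments and blanks
            if not line:
                continue
            fields = line.split()
            if len(fields) != 4:  # malformed line; pam_limits skips these
                continue
            dom, typ, item, value = fields
            if dom == domain and typ in ("hard", "-") and item == "maxlogins":
                yield value, path, lineno


def effective_maxlogins(files: Dict[str, str]) -> Optional[Tuple[str, str, int]]:
    """The entry read last wins; None if no entry exists at all."""
    winner = None
    for entry in maxlogins_entries(files):
        winner = entry
    return winner


def check_max_concurrent_logins(files: Dict[str, str], allowed_max: int) -> Tuple[str, str]:
    """Correct check: PASS only if the single effective value is set and <= allowed_max."""
    found = effective_maxlogins(files)
    if found is None:
        return "FAIL", "no hard maxlogins entry for domain '*'"
    value, path, lineno = found
    if not value.isdigit():
        return "FAIL", f"{path}:{lineno}: non-numeric maxlogins value {value!r}"
    if int(value) > allowed_max:
        return "FAIL", f"{path}:{lineno}: effective maxlogins {value} > {allowed_max}"
    return "PASS", f"{path}:{lineno}: effective maxlogins {value}"


def any_entry_within_limit(files: Dict[str, str], allowed_max: int) -> str:
    """Reproduces the flawed logic the issue reports: PASS if *any* entry is
    compliant, regardless of whether a later file overrides it."""
    for value, _path, _lineno in maxlogins_entries(files):
        if value.isdigit() and int(value) <= allowed_max:
            return "PASS"
    return "FAIL"


def read_limits_files() -> Dict[str, str]:
    """Load the real files from disk (for running the check on a live host)."""
    files: Dict[str, str] = {}
    if os.path.isfile(LIMITS_CONF):
        files[LIMITS_CONF] = open(LIMITS_CONF).read()
    if os.path.isdir(LIMITS_D):
        for name in os.listdir(LIMITS_D):
            if name.endswith(".conf"):
                path = os.path.join(LIMITS_D, name)
                files[path] = open(path).read()
    return files


if __name__ == "__main__":
    ALLOWED = 10  # assumed policy maximum for the demonstration
    print("flawed check :", any_entry_within_limit(SAMPLE_FILES, ALLOWED))
    print("ordered check:", *check_max_concurrent_logins(SAMPLE_FILES, ALLOWED))
```

On the issue's configuration the flawed check reports PASS because limits.conf's `maxlogins 1` satisfies it, while the ordered check reports FAIL and names `/etc/security/limits.d/90-maxlimits.conf:1` as the entry actually in effect. The design point is that the OVAL must reduce all candidate entries to one winner before comparing, rather than existence-testing each file independently.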

Labels: bugfix (Fixes to reported bugs), help-wanted (This PR/Issue needs help to go forward)