Step 5 only rewrote the list-membership form (product in [...,"rhel10"]),
so the 7 shared rules using the equality form (product == "rhel10") fell
through to the generic else branch for almalinux10. Most visibly,
configure_custom_crypto_policy_cis emitted DEFAULT:NO-SHA1, but the NO-SHA1
subpolicy module was dropped from crypto-policies on EL10, so
'update-crypto-policies --set DEFAULT:NO-SHA1:NO-SSHCBC' failed. Now
almalinux10 follows the rhel10 branch (DEFAULT + self-created modules).
Also set auto_increment on the .alma.1 release suffix.
The updated upstream 0.1.80 SRPM adds PQC key support to
ensure_redhat_gpgkey_installed. Since AlmaLinux has no PQC keys,
the empty pqc_pkg_version/pqc_pkg_release values collide with
empty aux_pkg values, causing duplicate OVAL entity IDs. This patch
adds "almalinux" not in product to the 5 PQC conditionals.
Use add-almalinux10-support.sh to apply bulk sed/find operations during
%prep instead of maintaining a single large patch that must be regenerated
for each upstream version. Only non-scriptable changes remain as patches.
