monitor static components for out of date mirrors

In the tor-nagios-checks, we had a dsa_check_staticsync "command" that was actually running:

    command_line    /usr/lib/nagios/plugins/dsa-check-mirrorsync --host "$ARG1$" --path .serial --unix --ssl

... which is this shell script. This "command" was called on a hardcoded list of sites that was manually maintained in the nagios-master.cfg config file.

Now, as long as monitoring is properly setup in Puppet (through ssl::service), we have some monitoring. But we don't actually check the .serial file the way this does, which means mirrors could go out of sync and we wouldn't detect it.

Essentially, what the script does is resolve the IP address of all servers behind a given site, pull a file (above: .serial) from each, treat is as a unix timestamp, and compare the timestamps between the different mirrors. There's code to tolerate a certain "skew" between servers, but that codepath wasn't used in our configuration.

It would therefore be sufficient to pull the serial from all of the mirrors, store that in Prometheus, and alert if there's a difference among the fleet.

This was planned to be replaced but seems to have fallen through the cracks. I only found out because of #41816 (closed).