
Update audit scripts for find log_file in file /etc/audit/auditd.conf #321

Open
mojtabatavakolzadeh wants to merge 1 commit into ovh:master from mojtabatavakolzadeh:master

Conversation

@mojtabatavakolzadeh

Summary
This PR fixes incorrect handling of the log_file directive from /etc/audit/auditd.conf in the following hardening scripts:

  • audit_log_directory_perms
  • audit_log_group
  • audit_log_perms
  • audit_log_user

The original implementations fail when whitespace appears around the = sign in the configuration file, producing invalid paths and causing the checks to fail even on correctly configured systems.

Problem Description
Several scripts extract the audit log path using:

grep -E "^\s*log_file" "$AUDITD_CONF_FILE" | awk -F "=" '{print $2}'

This approach preserves leading whitespace. When auditd.conf contains:

log_file = /var/log/audit/audit.log

the extracted value becomes:

 /var/log/audit/audit.log
^ leading space

As a result:

  • dirname returns ' /var/log/audit' (with leading space)
  • stat and find operate on a non-existent path
  • Scripts fail with errors such as:

stat: cannot statx ' /var/log/audit': No such file or directory
find: ‘ /var/log/audit’: No such file or directory
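To make the failure mode concrete, the following is an added example (not code from the PR or from the debian-cis project) that runs the quoted grep/awk extraction beside a whitespace-tolerant sed variant over a constructed auditd.conf fragment; the function names, the sample file and its path are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the PR: the extraction the PR describes as
# broken, beside a whitespace-tolerant alternative. File contents and
# paths below are constructed for the demonstration.

# Extraction quoted in the PR: awk keeps the space that follows '='.
audit_log_file_naive() {
    grep -E "^\s*log_file" "$1" | awk -F "=" '{print $2}'
}

# Tolerant variant (assumed name): match only the log_file key, discard
# spaces and tabs around '=', and keep the last definition if the key repeats.
audit_log_file_trimmed() {
    sed -n -E 's/^[[:space:]]*log_file[[:space:]]*=[[:space:]]*([^[:space:]]+).*/\1/p' "$1" | tail -n 1
}

# Constructed auditd.conf fragment reproducing the "log_file = ..." layout.
SAMPLE_CONF="${TMPDIR:-/tmp}/auditd.conf.example.$$"
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# constructed sample, not a real /etc/audit/auditd.conf
log_format = ENRICHED
# log_file = /commented/out/path
log_file = /var/log/audit/audit.log
EOF

# Show both values and what dirname makes of each; the naive value carries
# the leading space into the directory path, the trimmed one does not.
demo() {
    naive=$(audit_log_file_naive "$SAMPLE_CONF")
    trimmed=$(audit_log_file_trimmed "$SAMPLE_CONF")
    printf 'naive:   [%s] -> dirname [%s]\n' "$naive" "$(dirname "$naive")"
    printf 'trimmed: [%s] -> dirname [%s]\n' "$trimmed" "$(dirname "$trimmed")"
}

demo
```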

@damcav35
Contributor

Hi @mojtabatavakolzadeh, thank you for your contribution.

Could you please add a test case with a space in the configuration, in the adequate tests? https://github.com/ovh/debian-cis/tree/master/tests/hardening

So we ensure we won't have this issue back in the future.
