Management framework: place each Zeek process in its own working dir

This establishes a directory "nodes" in Management::state_dir and places each
Zeek process into a subdirectory in it, named after the Zeek process. For
example, node "worker-01" runs with cwd <state_dir>/nodes/worker-01/.

Explicitly configured directories can override the naming logic, and also ignore
the state directory if they're absolute paths. One exception remains: the
Supervisor itself -- we'd have to use LogAscii::logdir to automatically place it
too in its own directory, but that feature currently does not interoperate with
log rotation.

scripts/policy/frameworks/management/controller/boot.zeek

@@ -18,8 +18,22 @@ event zeek_init()
 	local sn = Supervisor::NodeConfig($name=epi$id, $bare_mode=T,
 	    $scripts=vector("policy/frameworks/management/controller/main.zeek"));
 
+	# Establish the controller's working directory. If one is configured
+	# explicitly, use as-is if absolute. Otherwise, append it to the state
+	# path. Without an explicit directory, fall back to the agent name.
+	local statedir = build_path(Management::get_state_dir(), "nodes");
+
+	if ( ! mkdir(statedir) )
+		print(fmt("warning: could not create state dir '%s'", statedir));
+
 	if ( Management::Controller::directory != "" )
-		sn$directory = Management::Controller::directory;
+		sn$directory = build_path(statedir, Management::Controller::directory);
+	else
+		sn$directory = build_path(statedir, Management::Controller::get_name());
+
+	if ( ! mkdir(sn$directory) )
+		print(fmt("warning: could not create controller state dir '%s'", sn$directory));
+
 	if ( Management::Controller::stdout_file != "" )
 		sn$stdout_file = Management::Controller::stdout_file;
 	if ( Management::Controller::stderr_file != "" )