Add policy to prevent asking password more than once on Debian

This is a polkit policy that is read when fs-admin invokes `dd` via
`pkexec` after trying to write into a restricted location. By specifying
`auth_admin_keep`, we are telling the polkit daemon to not prompt users
for a password again if they have already escalated privileges recently.

Co-Authored-By: Rafael Oleza <rafeca@github.com>

resources/linux/atom.policy

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+  <vendor>Atom</vendor>
+  <action id="atom.pkexec.dd">
+    <description gettext-domain="atom">Admin privileges required</description>
+    <message gettext-domain="atom">Please enter your password to save this file</message>
+    <annotate key="org.freedesktop.policykit.exec.path">/bin/dd</annotate>
+    <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
+    <defaults>
+      <allow_any>auth_admin_keep</allow_any>
+      <allow_inactive>auth_admin_keep</allow_inactive>
+      <allow_active>auth_admin_keep</allow_active>
+    </defaults>
+  </action>
+</policyconfig>

script/lib/create-debian-package.js

@@ -113,6 +113,12 @@ module.exports = function (packagedAppPath) {
     path.join(debianPackageLintianOverridesDirPath, atomExecutableName)
   )
 
+  console.log(`Copying polkit configuration into "${debianPackageShareDirPath}"`)
+  fs.copySync(
+    path.join(CONFIG.repositoryRootPath, 'resources', 'linux', 'atom.policy'),
+    path.join(debianPackageShareDirPath, 'polkit-1', 'actions', 'atom.policy')
+  )
+
   console.log(`Generating .deb file from ${debianPackageDirPath}`)
   spawnSync('fakeroot', ['dpkg-deb', '-b', debianPackageDirPath], {stdio: 'inherit'})