[Docs] Set cn_map permissions/owner

This patch provides documentation for:

  If8b31cdc192bcbfe519dc9ec1e6b458309269f42

Implements: blueprint security-rhel7-stig
Change-Id: I6b2733dafcf42b940ae1c0bf5d3163b765864353

doc/metadata/rhel7/RHEL-07-040050.rst

@@ -1,7 +1,11 @@
 ---
 id: RHEL-07-040050
-status: not implemented
-tag: misc
+status: exception - manual intervention
+tag: file_perms
 ---
 
-This STIG requirement is not yet implemented.
+This control requires that ``/etc/pam_pkcs11/subject_mapping`` exists on the
+system. It is only required on systems that use PKI-based authentication.
+
+Deployers should perform this step manually based on the needs of their
+authentication configuration.

doc/metadata/rhel7/RHEL-07-040060.rst

@@ -1,7 +1,9 @@
 ---
 id: RHEL-07-040060
-status: not implemented
-tag: misc
+status: implemented
+tag: file_perms
 ---
 
-This STIG requirement is not yet implemented.
+The tasks in this role set the mode on ``/etc/pam_pkcs11/cn_map`` to ``0644``.
+If the file permissions are more restrictive than ``0644`` on the system, they
+are not changed.

doc/metadata/rhel7/RHEL-07-040070.rst

@@ -1,7 +1,8 @@
 ---
 id: RHEL-07-040070
-status: not implemented
-tag: misc
+status: implemented
+tag: file_perms
 ---
 
-This STIG requirement is not yet implemented.
+The default owner for ``/etc/pam_pkcs11/cn_map`` is ``root``. The role ensures
+that this default is maintained if the file exists.

doc/metadata/rhel7/RHEL-07-040080.rst

@@ -1,7 +1,8 @@
 ---
 id: RHEL-07-040080
-status: not implemented
-tag: misc
+status: implemented
+tag: file_perms
 ---
 
-This STIG requirement is not yet implemented.
+The default group owner for ``/etc/pam_pkcs11/cn_map`` is ``root``. The role
+ensures that this default is maintained if the file exists.