Update MSI validation resource to prevent false change reports

[murdok5]

What does this PR do?
The MSI validation resource (Exec) currently reports corrective change on each run. This modifies the resource with an unless parameter to prevent false positives on reporting.

Motivation
Working on this integration for a customer.

Additional Notes
n/a

Describe your test plan
I tested this on Windows 2016 and 2019 in my lab.

[albertvaka]

Thanks for fixing the (bad) behavior here! Is the syntax you used in unless documented somewhere? I had never seen it before.

[murdok5]

@albertvaka yeah exec statements can be hard because they will always report "change" even if they do nothing. There are 2 parameters that can have other execs to gate the "real" exec. these are unless and onlyif.

Aside from that, is there a reason to check for those specific hashes? Eventually I assume those installers would not exist anywhere and thus be unnecessary in the code as a check.

[albertvaka]

The syntax I was more curious about was the use of @(ACCEPTABLE) and | ACCEPTABLE within the onlyif block, and the fact that the whole script is not a quoted string (while it always is in the docs you link). It's quite more readable this way!

About the hash check... honestly it is not that useful anymore unless you are installing the MSI from an internal mirror (since, as you said, the bad versions do not exist anymore on our repo). We decided to keep the check for those installing from local mirrors, but we should revisit that at some point for the sake of code simplicity.