Enable use of multiple URLs in hardening manifest resources

Background

It has been requested that POPs permit users to provide more than one URL for a single resource w/in a hardening manifest. These resources will still have to validate against a singe shasum, and CANNOT have an auth key, as this would mean sending auth to more than one endpoint, and lead to a potential leak of creds.

AC

• jsonschema validation allows for new key of urls which has a value of an array of URLs
  • schema validation checks that and auth section does not exist on resources using the urls feature
• Update import artifacts to handle multiple URLs
  • Update to handle new urls key
  • Test on project with url and urls in the same HM

Dod

• New feature has been tested in pipeline-test-project
  • Confirm that the new feature fails when appropriate
• Confirm exiting functionality is unaffected via testing w/pipeline-test-project