In https://review.opendev.org/#/c/704725 we merged a change to
allow the agent to navigate read-only block devices. By default
we always failed on the more secure "erase_devices" clean step as
meta-data only erasure still leaves any sensitive information on
the storage medium.
That being said, it may be operationally okay for read-only devices
to be ignored during the "erase_devices" clean step. Only the
operator can make that call, and we should enable them to be able
to assert that in the configuration to IPA.
Change-Id: I475f0215eb0bd149c2d21e6962429181b63e8bdb