Y25-702 - As a team we would like to schedule OpenStack instance reboots after security updates that require them so that the updates are fully applied.

[TWJW-SANGER]

Describe the Housekeeping
As a team, we would like to schedule OpenStack instance reboots after security updates that require them so that the updates are fully applied.

This follows on from sanger/sequencescape#5340, which shows that our images are set to install security patches automatically.
However, many of these patches require a reboot to fully take effect, which is not happening automatically.

Fully applying these security updates should allow us to keep on Ubuntu 22.04 (Jammy) LTS until June 2027.

Acceptance Criteria

• Any systems that currently need rebooting to fully update already installed - are rebooted at 1 a.m.
• When any future security updates are installed that require a reboot. The reboot is scheduled to occur at 1 a.m.

Additional context
It seems that the Ubuntu unattended-upgrades package that installs the security updates already provides a mechanism to schedule a reboot at a specific time; it is turned off by default. See https://documentation.ubuntu.com/server/how-to/software/automatic-updates/#reboots

It would be sensible to ensure any re-creation or new OpenStack instance applies these reboot patterns too. I have not made this an acceptance criterion in case it made this story larger than it needs to be, as this functionality would only rarely be needed.