Summary

Add support for blocking (and logging) USB devices.

Use case

Some environments (and/or security policies) make it necessary to disable all unused interfaces, this includes USB.
By adding the usbguard package and exposing it's config we can give the user the option to allow or deny usage of (certain) USB ports/devices.
Depending on the implantation the default could be denying everything during boot and only allowing things after the config was loaded or only applying the rules after loading the config.
A broken config could make debugging harder with all usb ports disabled and probably would require a serial connection.

Additional information

Usbguard is already upstream in debain (https://packages.debian.org/source/trixie/usbguard).
It can be configured with config files or by calling its CLI