env/freebsd-amd64: add doas configuration

We use the sample from /usr/local/etc/doas.conf.sample which allows
passwordless access for all users in the wheel group. We already add
swarming to the wheel group for su access.

For golang/go#70702.

Change-Id: I6a6a636cba478459c3ada9f61f3da04071289d78
Reviewed-on: https://go-review.googlesource.com/c/build/+/741262
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

env/freebsd-amd64/doas.conf

diff --git a/env/freebsd-amd64/doas.conf b/env/freebsd-amd64/doas.conf
new file mode 100644
index 0000000..35ef55e
--- /dev/null
+++ b/env/freebsd-amd64/doas.conf
@@ -0,0 +1,2 @@
+# Permit members of the wheel group to perform actions as root without entering the password.
+permit nopass :wheel

env/freebsd-amd64/make.bash

diff --git a/env/freebsd-amd64/make.bash b/env/freebsd-amd64/make.bash
index 6b5c45e..9224c8e 100755
--- a/env/freebsd-amd64/make.bash
+++ b/env/freebsd-amd64/make.bash
@@ -134,6 +134,7 @@
 
 mkdir -p iso/boot iso/etc iso/usr/local/etc/rc.d iso/usr/local/bin
 cp loader.conf iso/boot
+cp doas.conf iso/etc
 cp rc.conf iso/etc
 cp sysctl.conf iso/etc
 cp buildlet iso/usr/local/etc/rc.d
@@ -147,6 +148,7 @@
 cp /mnt/usr/local/etc/rc.d/buildlet /usr/local/etc/rc.d/buildlet
 chmod +x /usr/local/etc/rc.d/buildlet
 cp /mnt/boot/loader.conf /boot/loader.conf
+cp /mnt/etc/doas.conf /usr/local/etc/doas.conf
 cp /mnt/etc/rc.conf /etc/rc.conf
 cp /mnt/usr/local/bin/bootstrapswarm /usr/local/bin/bootstrapswarm
 cat /mnt/etc/sysctl.conf >> /etc/sysctl.conf