feat: built-in OPA Rego policy-based configuration audit scanner

[danielpacak]

1. Perform synchronous configuration audit within reconciliation loop instead of
   creating Kubernetes Job objects and associated Secrets.
2. Configuration audits at scale with build-in controller-runtime workers.
3. Support NetworkPolicies, PodSecurityPolicies, Ingress, ResourceQuota, and
   possibly other resources.
4. Use OPA Go SDK to evaluate policies read from the starboard-policy-config
   ConfigMap, which is compatible with Conftest plugin and KubeEnforcer.
   This is just an MVP, but for production workloads OPA policies can be
   prepared for evaluation and cached similarly to what OPA server does.
5. Preinstall all Kubernetes policies from
   https://github.com/aquasecurity/defsec/tree/v0.14.0/rules/kubernetes
6. First step to deprecate and remove Polaris and Conftest plugins to streamline
   code, usages, and documentation.

Resolves: #889

Signed-off-by: Daniel Pacak pacak.daniel@gmail.com

[codecov]

Codecov Report

Merging #971 (461d763) into main (f4d9bea) will increase coverage by 0.42%.
The diff coverage is 68.99%.

@@            Coverage Diff             @@
##             main     #971      +/-   ##
==========================================
+ Coverage   58.17%   58.60%   +0.42%     
==========================================
  Files          62       65       +3     
  Lines        7866     8493     +627     
==========================================
+ Hits         4576     4977     +401     
- Misses       2826     3000     +174     
- Partials      464      516      +52     

Impacted Files	Coverage Δ
pkg/kube/object.go	51.83% <5.88%> (-1.98%)	⬇️
pkg/configauditreport/controller.go	59.80% <59.80%> (ø)
pkg/operator/operator.go	54.08% <76.92%> (+1.62%)	⬆️
pkg/policy/policy.go	80.75% <80.75%> (ø)
pkg/apis/aquasecurity/v1alpha1/common_types.go	100.00% <100.00%> (ø)
...g/apis/aquasecurity/v1alpha1/config_audit_types.go	100.00% <100.00%> (ø)
pkg/operator/etc/config.go	86.48% <100.00%> (+10.72%)	⬆️
pkg/starboard/config.go	75.00% <100.00%> (+0.25%)	⬆️
pkg/operator/controller/configauditreport.go	52.64% <0.00%> (-8.92%)	⬇️
pkg/operator/controller/vulnerabilityreport.go	55.79% <0.00%> (-1.53%)	⬇️
... and 3 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update afe2521...461d763. Read the comment docs.