This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy
that enforces the usage of ReadOnlyRootFilesystems.
The policy inspects the securityContext of each container defined inside of
a Pod and ensures all the containers have the readOnlyRootFilesystem attribute
set to true.
The policy checks both the pod.spec.containers and the init containers.
Containers that do not have a securityContext defined are rejected too.
That happens because, by default, the root filesystem of a container is
considered to be writable.
Ephemeral containers are not checked because, by Kubernetes definition, they
cannot have a securityContext.
The policy doesn't have any configuration.
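
The check described above, sketched in Go as an added example; it is not the policy's own source code. The type names, the Violations function and the sample Pod are constructed for illustration, and a securityContext that omits readOnlyRootFilesystem is assumed to be treated like one that sets it to false.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal subset of the Pod schema needed for the check (hypothetical types).
type container struct {
	Name            string `json:"name"`
	SecurityContext *struct {
		ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem"`
	} `json:"securityContext"`
}

type pod struct {
	Spec struct {
		Containers     []container `json:"containers"`
		InitContainers []container `json:"initContainers"`
		// ephemeralContainers is deliberately not decoded: the policy skips it.
	} `json:"spec"`
}

// Violations returns the names of containers that would be rejected:
// no securityContext, readOnlyRootFilesystem unset, or set to false.
func Violations(podJSON []byte) ([]string, error) {
	var p pod
	if err := json.Unmarshal(podJSON, &p); err != nil {
		return nil, err
	}
	var bad []string
	for _, c := range append(p.Spec.InitContainers, p.Spec.Containers...) {
		sc := c.SecurityContext
		if sc == nil || sc.ReadOnlyRootFilesystem == nil || !*sc.ReadOnlyRootFilesystem {
			bad = append(bad, c.Name)
		}
	}
	return bad, nil
}

// Constructed sample: "web" is compliant, "init" has no securityContext,
// "sidecar" sets the attribute to false, "debug" is ephemeral and ignored.
const samplePod = `{"spec":{
 "initContainers":[{"name":"init","image":"busybox"}],
 "containers":[
  {"name":"web","securityContext":{"readOnlyRootFilesystem":true}},
  {"name":"sidecar","securityContext":{"readOnlyRootFilesystem":false}}],
 "ephemeralContainers":[{"name":"debug","image":"busybox"}]}}`

func main() {
	bad, err := Violations([]byte(samplePod))
	fmt.Println(bad, err)
}
```

A Pod is admitted only when the returned list is empty; a single non-compliant init container is enough to reject the whole Pod.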