Fix missing denial reason when a signal request to a non-init process is denied

This happens if the container.signals list contains relevant signals, but the
process's signals list does not allow the signal.

Old:
     {"decision":"deny","input":{"argList":["/bin/sleep","infinity"],"containerID":"0971693a04cdd4f2eeefc569754b5cd8046ec0b7c7ed6899bb3dec0dd45ba735","isInitProcess":false,"rule":"signal_container_process","signal":9},"reason":{"errors":[]}}
Now:
     {"decision":"deny","input":{"argList":["/bin/sleep","infinity"],"containerID":"3873bfc939e2415892b5b74a7b1dbade0f7222e266df43df85968ddda59be56e","isInitProcess":false,"rule":"signal_container_process","signal":9},"reason":{"errors":["target isn't allowed to receive the signal"]}}

Signed-off-by: Tingmao Wang <tingmaowang@microsoft.com>

Author: micromaomao

pkg/securitypolicy/framework.rego

@@ -1488,11 +1488,13 @@ errors[mountError] {
 default signal_allowed := false
 
 signal_allowed {
+    input.isInitProcess
     some container in data.metadata.matches[input.containerID]
     signal_ok(container.signals)
 }
 
 signal_allowed {
+    not input.isInitProcess
     some container in data.metadata.matches[input.containerID]
     some process in container.exec_processes
     command_ok(process.command)