add cel-based policies

[sozercan]

No description provided.

[stale]

This issue/PR has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

[maxsmythe]

still salient

[sozercan]

Notes from March 13, 2024 community meeting:

• User configurable priority for rego vs vap (use-vap is a better option here so no need)
• Max to find which min version of gk is required for multiple policies per CT min version required is v3.12 (see below)
• Gator unit and conformance tests for K8sNativeValidation CEL (need flag to enable)
• Rely on gator only instead of standalone unit tests
• If multiple versions, add K8sNativeValidation CEL to last version only
• Rego and cel must be in parity for pr for existing CTs
• New policies will need to have both K8sNativeValidation CEL and Rego for a TBD period
• Update website and ArtifactHub to indicate “supports K8sNativeValidation CEL/Rego”

[maxsmythe]

WRT min version for multiple languages per CT:

• This was the commit: chore: Upgrade CF for multi-engine gatekeeper#2616
• v3.12.0 added recognition of multi-engine schema (Rego still required to avoid validation errors)

[JaydipGabani]

Tracking the migration with #541