Add support for Pod Security Admission scanning #379

@spiarh

Describe the solution you'd like

@vicenteherrera wrote a nice tool to statically check for Pod Security Standards levels. The tool uses the Pod Security Admission library from the Kubernetes repository: https://github.com/vicenteherrera/psa-checker

Having this feature integrated into kubesec as a subcommand (something like kubesec psa-check) would be helpful for users, as they could (e.g. in CI):

  • first scan for security risk
  • then validate in a second stage if the resource is compliant with the target PSA level

We could also consider adding some extra flags to kubesec scan, with a new field in the output, to do the previously mentioned steps in one stage:

Considering:

kubesec scan deploy.yaml --enable-psa-check --psa-level restricted

==> This would not break any existing usage as it is opt-in.

This could yield a result that looks like this:

[
  {
    "object": "Deployment/nginx",
    "valid": true,
    "fileName": "deploy.yaml",
    "message": "Passed with a score of 0 points",
    "score": 0,
    "scoring": {
      "advise": [...]
    },
    "podSecurityAdmission": {
      "level": "restricted",
      "valid": false,
      "message": "Deployment nginx-deployment\n  PSS level restricted\n    Check 8 failed: allowPrivilegeEscalation != false\n      container \"nginx\" must set securityContext.allowPrivilegeEscalation=false\n    Check 9 failed: unrestricted capabilities\n      container \"nginx\" must set securityContext.capabilities.drop=[\"ALL\"]\n    Check 11 failed: runAsNonRoot != true\n      pod or container \"nginx\" must set securityContext.runAsNonRoot=true\n    Check 13 failed: seccompProfile\n      pod or container \"nginx\" must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\"\n"
    }
  }
]
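To make the proposed "podSecurityAdmission" field concrete, here is an added example (not kubesec's or psa-checker's code) that applies the four restricted-profile checks quoted in the sample output above and formats the result in the same shape. It assumes a JSON pod spec (the Deployment's .spec.template.spec) as input rather than the YAML file, copies the "Check N" numbering from the sample output, and covers only those four checks, whereas the real Pod Security Admission library evaluates the full profile (privileged containers, host namespaces, volume types, and so on).

```go
package main
import (
	"encoding/json"
	"fmt"
	"slices"
)
// Minimal slice of a pod spec; encoding/json matches "securityContext" etc. case-insensitively.
type secCtx struct {
	AllowPrivilegeEscalation, RunAsNonRoot *bool
	Capabilities                           *struct{ Drop []string }
	SeccompProfile                         *struct{ Type string }
}
type container struct{ Name string; SecurityContext *secCtx }
type podSpec struct{ SecurityContext *secCtx; Containers []container }
// PSAResult mirrors the "podSecurityAdmission" field proposed in the issue.
type PSAResult struct {
	Level   string `json:"level"`
	Valid   bool   `json:"valid"`
	Message string `json:"message"`
}
func pick[T any](c, p *T) *T { if c != nil { return c }; return p } // container-level value wins over pod-level
// CheckRestricted runs the four restricted checks from the issue's sample output over a JSON pod spec.
func CheckRestricted(name string, spec []byte) (PSAResult, error) {
	var p podSpec
	if err := json.Unmarshal(spec, &p); err != nil {
		return PSAResult{}, err
	}
	pod, valid := pick(p.SecurityContext, &secCtx{}), true
	msg := fmt.Sprintf("Deployment %s\n  PSS level restricted\n", name)
	fail := func(h, f string, a ...any) { valid = false; msg += "    " + h + "\n      " + fmt.Sprintf(f, a...) + "\n" }
	for _, c := range p.Containers {
		sc := pick(c.SecurityContext, &secCtx{}) // unset securityContext: every field fails
		nr, prof := pick(sc.RunAsNonRoot, pod.RunAsNonRoot), pick(sc.SeccompProfile, pod.SeccompProfile)
		if sc.AllowPrivilegeEscalation == nil || *sc.AllowPrivilegeEscalation {
			fail("Check 8 failed: allowPrivilegeEscalation != false", "container %q must set securityContext.allowPrivilegeEscalation=false", c.Name)
		}
		if sc.Capabilities == nil || !slices.Contains(sc.Capabilities.Drop, "ALL") {
			fail("Check 9 failed: unrestricted capabilities", "container %q must set securityContext.capabilities.drop=[\"ALL\"]", c.Name)
		}
		if nr == nil || !*nr {
			fail("Check 11 failed: runAsNonRoot != true", "pod or container %q must set securityContext.runAsNonRoot=true", c.Name)
		}
		if prof == nil || (prof.Type != "RuntimeDefault" && prof.Type != "Localhost") {
			fail("Check 13 failed: seccompProfile", "pod or container %q must set securityContext.seccompProfile.type to \"RuntimeDefault\" or \"Localhost\"", c.Name)
		}
	}
	return PSAResult{Level: "restricted", Valid: valid, Message: msg}, nil
}
// Stand-alone demo on a constructed, unhardened nginx pod spec (prints the four failures).
func main() { r, _ := CheckRestricted("nginx-deployment", []byte(`{"containers":[{"name":"nginx"}]}`)); fmt.Print(r.Message) }
```

Running it on the bare nginx spec reproduces the message from the sample output above; a spec that sets runAsNonRoot and a RuntimeDefault seccompProfile at pod level and drops ALL capabilities with allowPrivilegeEscalation=false per container comes back valid.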
