feat: add cisbenchmark checks for session 1.3, 1.4, and 2

[josedonizetti]

Signed-off-by: Jose Donizetti jdbjunior@gmail.com

Adds rules for session 1.3, 1.4 and 2. This is my first time writing opa, let me know if you see anything that can be improved.

aquasecurity/trivy#2200

cisbenchmark version: V1.23

"KCV0033": "1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriate (Manual)",
"KCV0034": "1.3.2 Ensure that the --profiling argument is set to false (Automated)",
"KCV0035": "1.3.3 Ensure that the --use-service-account-credentials argument is set to true (Automated)",
"KCV0036": "1.3.4 Ensure that the --service-account-private-key-file argument is set as appropriate (Automated)",
"KCV0037": "1.3.5 Ensure that the --root-ca-file argument is set as appropriate (Automated)",
"KCV0038": "1.3.6 Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)",
"KCV0039": "1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)",
"KCV0040": "1.4.1 Ensure that the --profiling argument is set to false (Automated)",
"KCV0041": "1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)",
"KCV0042": "2.1 Ensure that the --cert-file and --key-file arguments are set as appropriate (Automated)",
"KCV0043": "2.2 Ensure that the --client-cert-auth argument is set to true (Automated)",
"KCV0044": "2.3 Ensure that the --auto-tls argument is not set to true (Automated)",
"KCV0045": "2.4 Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate (Automated)",
"KCV0047": "2.5 Ensure that the --peer-client-cert-auth argument is set to true (Automated)",

[josedonizetti]

@chen-keinan ^^

[josedonizetti]

@liamg @owenrumney This is ready for review now.