Adds Mondoo GCP security policy and gitignore

[scottford-io]

This PR adds an initial default policy for GCP by Mondoo. It also adds a .gitignore to the project.

Each control has severity, audit, and remediation steps.

cnspec scan gcp --policy-bundle core/mondoo-gcp-security.mql.yaml 
→ loaded configuration from /Users/scottford/.config/mondoo/edge.yaml using source $MONDOO_CONFIG_PATH
! Scanning with local policy bundles will switch into --incognito mode by default. Your results will not be sent upstream.
! invalid github token via environment variable, ignoring it
→ discover related assets for 1 asset(s)
→ resolved assets resolved-assets=1
→ connecting to asset GCP project mondoo-dev-262313 (api)
→ client> send all results asset=//policy.api.mondoo.com/assets/blahblahblah
█████████████████████████████░░░░░░  83% GCP project mondoo-dev-foo
Data queries:

Controls:
✕ Fail:  Ensure that instances are not configured to use the default service account D 20
✕ Fail:  Ensure instances are not configured to use the default service account with full access to all Cloud APIs D 10
✕ Fail:  Ensure oslogin is enabled for compute instances C 30
✕ Fail:  Ensure "Block Project-wide SSH keys" is enabled for VM instances C 30
✕ Fail:  Ensure that Cloud Storage buckets are not anonymously or publicly accessible D 10
✕ Fail:  Ensure that Cloud Storage buckets have uniform bucket-level access enabled C 40


Summary
========================

Target:     GCP project mondoo-dev-262313
Score:      D    10/100     (100% completed)
✓ Passed:   0% (0)
✕ Failed:   ███████████████ 100% (6)
! Errors:   0% (0)
» Skipped:  0% (0)

Policies:
D  10  Google Cloud Security (GCP) by Mondoo

Signed-off-by: Scott Ford scott@scottford.io

[chris-rock]

woooooot

[chris-rock]

Thank you @scottford-io I added some nit pics