Improve validation of the cfgs as soon as they get created/modified, by running yamllint (checking the structure of the yamls) and kube-bench dry-run (checking the correctness of the cfgs).
andypitcher changed the title from "Improve security-scan's e2e to test each distribution's scan results" to "Improve security-scan's e2e validation with yamllint and kube-bench dry-run" on Dec 12, 2023
Tested the CIS scan with RKE1, RKE2, and K3S clusters on Rancher v2.8.0-rc1 with respective profiles. Cluster scans passed. Though there are some failures, those are expected. Hence closing the ticket.
The following scans fail on RKE1 and RKE2 clusters, but those are expected and will be release noted.
One failure in RKE1 hardened cluster:
Mixed: 4.1.7 Ensure that the certificate authorities file permissions are set to 600 or more restrictive (Automated)
Failures on RKE2 Node driver cluster:
Fail: 1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive (Automated)
Fail: 1.1.3 Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive (Automated)
Fail: 1.1.5 Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive (Automated)
Fail: 1.1.7 Ensure that the etcd pod specification file permissions are set to 600 or more restrictive (Automated)