fix(query): Revise list of unsafe sysctls in cluster_allows_unsafe_sysctls k8s rule

[Churro]

Problem

• Many containers run as root so that they can bind on ports < 1024. As this poses a certain security risk, Kubernetes v1.22 introduced the possibility to specify net.ipv4.ip_unprivileged_port_start in the sysctls of the securityContext of a pod. This enables also unprivileged users to bind on privileged ports. The K8s documentation therefore includes this sysctl in the safe set (see here). The current rule is not aware of that.
• Since Kubernetes v1.23, sysctl names may alternatively be spelled with a / as separator instead of a dot.
  This scheme is currently not supported.
• The current rule is not immediately actionable, as it doesn't point to the specific line with the problematic sysctl name

Proposed Changes

• Remediate false positive in case net.ipv4.ip_unprivileged_port_start is specified
• Support sysctl names with /
• Show targeted findings for each statement violating the rule
• Extend rule to also cover Deployment, StatefulSet, etc. resource kinds

I submit this contribution under the Apache-2.0 license.

[kicsbot]

Scan submitted to Checkmarx

[rafaela-soares]

Another great observation and refactor, @Churro 🚀 Thank you!

I only have a suggestion. If you agree, can you also add a negative sample related to the positive2.yaml, please? (It is not extremely required, but the more samples, the better)

[Churro]

Thank you for the review, @rafaela-soares! As requested, I added a negative test sample.

[rafaela-soares]

LGTM