[CSPM] Compliance module: improve err report and fix tests

[jinroh]

What does this PR do?

• Make the module work for processes running outside of a container
• Improve the error reporting of the compliance module by reporting the error string as part of the response body.

Also fixes and improve the tests:

• remove the symlink chmod (was failing locally for some contributors)
• check the proper result when no configuration path has been found.

Motivation

Additional Notes

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Reviewer's Checklist

• If known, an appropriate milestone has been selected; otherwise the Triage milestone is set.
• Use the major_change label if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be use during QA to make sure each team pay extra attention to the changed behavior. For any customer facing change use a releasenote.
• A release note has been added or the changelog/no-changelog label has been applied.
• Changed code has automated tests for its functionality.
• Adequate QA/testing plan information is provided if the qa/skip-qa label is not applied.
• At least one team/.. label has been applied, indicating the team(s) that should QA this change.
• If applicable, docs team has been notified or an issue has been opened on the documentation repo.
• If applicable, the need-change/operator and need-change/helm labels have been applied.
• If applicable, the k8s/<min-version> label, indicating the lowest Kubernetes version compatible with this feature.
• If applicable, the config template has been updated.

[pr-commenter]

Bloop Bleep... Dogbot Here

Regression Detector Results

Run ID: 2a06656f-6e23-4e4b-a4c8-8c9f109ed301
Baseline: 7535b8d
Comparison: 41804d5
Total CPUs: 7

Performance changes are noted in the perf column of each table:

• ✅ denotes better comparison variant performance
• ❌ denotes worse comparison variant performance

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

3. Its configuration does not mark it "erratic".

No interesting changes in experiment optimization goals with confidence ≥ 90.00% and |Δ mean %| ≥ 5.00%.

Experiments with missing or malformed data

• dogstatsd_string_interner_128MiB_100
• dogstatsd_string_interner_128MiB_1k
• dogstatsd_string_interner_64MiB_100
• dogstatsd_string_interner_64MiB_1k
• dogstatsd_string_interner_8MiB_100
• dogstatsd_string_interner_8MiB_10k
• dogstatsd_string_interner_8MiB_1k
• dogstatsd_string_interner_8MiB_50k
• file_tree
• idle
• otel_to_otel_logs
• tcp_dd_logs_filter_exclude
• tcp_syslog_to_blackhole
• trace_agent_json
• uds_dogstatsd_to_api

Usually, this warning means that there is no usable optimization goal data for that experiment, which could be a result of misconfiguration.

Fine details of change detection per experiment

perf	experiment	goal	Δ mean %	Δ mean % CI	confidence
❌	trace_agent_msgpack	ingress throughput	+0.00	[-0.00, +0.00]	0.00%
❌	dogstatsd_string_interner_8MiB_100k	ingress throughput	-0.00	[-0.00, +0.00]	6.56%
❌	file_to_blackhole	egress throughput	-0.13	[-6.29, +6.03]	2.70%