Migrating misconfiguration checks from Go into Rego

[simar7]

As part of our continually improving the Trivy user experience, we've been working on transitioning the existing misconfiguration checks written in Go to Rego. This change offers several advantages:

1. Rego becomes the standardized way for Trivy users to write new checks. Previously we had a mix of Go and Rego misconfiguration checks which caused confusion for new users. Making all checks for all services that Trivy supports into Rego allows both new and experienced users of Trivy to write Rego checks more easily as we now have a plethora of examples to learn from.
2. As Go checks are static, they previously had to be compiled into the Trivy binary. While this is still true for the time being, going forwards it will not be needed as Rego checks can be dynamically loaded as part of the Trivy checks bundle from disk.
3. Distribution of Trivy checks now becomes even more easier as users simply have to download a new bundle to get new checks. We plan to automate the generation of new checks bundles periodically in the near future allowing an even faster distribution model for Trivy users to get new checks.

There is no change required as part of the move from Go to Rego for Trivy users. We've made sure that behind the scenes Trivy continues to operate as it does today.

If you'd like to try out our new checks bundle which contains Rego checks, you can do so today by passing the --include-deprecated-checks=false --checks-bundle-repository=ghcr.io/aquasecurity/trivy-checks:1 options with any misconfiguration scan starting from Trivy version v0.55.0 and above.

The new Rego checks bundle will be made as the default starting in Trivy version v0.56.0.