Meaning of Authorized within file_permissions_unauthorized_suid and file_permissions_unauthorized_sgid is unclear
As a follow-up from #4648, the meaning of "authorized" needs to be defined and well documented.
A second option would be creating a new rule to check for the authorization itself using some blacklist, as recommended by the following statement:
- We make a new rule from this check (SUID/SGID binaries come from RPMs), and we then reuse its check in the "Authorized" rule in connection with some blacklist in the form of a variable.
For more details, check the discussion on #4648.
Originally posted by @matejak in https://github.com/ComplianceAsCode/content/pull/4648#issuecomment-529351774
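To make the proposal above concrete, here is an added example (not ComplianceAsCode's own rule content, remediation or OVAL) of how the two pieces compose: a SUID/SGID file counts as "authorized" only when the package database owns it (`rpm -qf` succeeds) and it is not on a blacklist held in a variable. The variable name `SUID_BLACKLIST`, the function names and the whitespace-separated blacklist format are assumptions for this illustration; on a host without `rpm` the ownership test fails closed, so every setuid/setgid file is reported.

```shell
#!/bin/sh
# Added example, not the project's own check. Assumed names: SUID_BLACKLIST,
# is_packaged, is_blacklisted, find_setid, audit_setid.

# Blacklist variable: paths that must never be SUID/SGID even when packaged.
# The default path below is a constructed placeholder.
SUID_BLACKLIST="${SUID_BLACKLIST:-/usr/bin/example-blacklisted-binary}"

# True when the RPM database claims the file. Without rpm on the host the
# function returns false, so the audit fails closed and flags everything.
is_packaged() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -qf "$1" >/dev/null 2>&1
}

# True when the exact path appears in SUID_BLACKLIST (whitespace separated).
is_blacklisted() {
    for p in $SUID_BLACKLIST; do
        [ "$p" = "$1" ] && return 0
    done
    return 1
}

# Lists every SUID or SGID regular file below the given root, one per line,
# without crossing filesystem boundaries.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Prints "UNAUTHORIZED <path>" for each setuid/setgid file that is either
# blacklisted or not owned by a package. Returns 1 when any were found.
# The here-document keeps the loop in the current shell so the status
# variable survives (a pipe into "while read" would run in a subshell).
audit_setid() {
    status=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if is_blacklisted "$f" || ! is_packaged "$f"; then
            echo "UNAUTHORIZED $f"
            status=1
        fi
    done <<EOF
$(find_setid "$1")
EOF
    return $status
}

# Usage: audit_setid / ; a non-zero exit means at least one file was flagged.
```

The split mirrors the proposal: `find_setid` plus `is_packaged` is the reusable "comes from an RPM" check, and `is_blacklisted` is the extra condition the "Authorized" rule layers on top of it via the variable.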
@ggbecker , can we close this issue? Is it still relevant?