ROX-31524: Add policy section level validation

Open dvail opened this issue 1 month ago • 4 comments

Description

A related change to the upcoming Sensitive File Activity work; this adds UI validation at the policy section (rule) level.

Please review with "Hide whitespace" on - there is a large indentation change in the yup validator.

The first instance of a validator to demonstrate usage is for Audit Log policies. Each section within the policy must contain both Kubernetes API verb and Kubernetes resource type criteria, otherwise server-side validation will display an error at the end of the policy creation wizard.

This change displays the error inline as soon as it is detected to improve the flow and UX of policy creation.

Future considerations

  1. There is some value in having the backend expose an API that allows the validation logic to occur in one place instead. (As opposed to the change in this PR, which duplicates logic.) Due to there being a relatively low number of cases where this is needed, the validation logic not being complex, and policy criteria descriptors already being duplicated client side, I feel like this is worthwhile over the work required to put an e2e solution in place.
  2. There are a few more cases where criteria are co-dependent; I'll add these in a follow up.
  3. It would be nice to have more policy validation errors show up at the point they occur, but this is out of scope for now.
  4. I really would like to get some Cypress e2e tests added for the full policy creation flow in the future.

User-facing documentation

Testing and quality

  • [ ] the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • [ ] CI results are inspected

Automated testing

  • [ ] added unit tests
  • [ ] added e2e tests
  • [ ] added regression tests
  • [ ] added compatibility tests
  • [ ] modified existing tests

How I validated my change

change me!

dvail avatar Nov 04 '25 17:11 dvail
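The section-level co-dependency check the description talks about, as an added example that is not the PR's code nor StackRox's: it is written in plain JavaScript rather than as a yup test so it runs without dependencies, and the policy shape (`eventSource`, `policySections[].policyGroups[].fieldName`) and the criteria names `Kubernetes API Verb` / `Kubernetes Resource` are assumptions modelled on StackRox policy JSON. It goes slightly beyond the audit log case by driving the check from a rule table, so a conditional rule (criterion B required only when criterion A is present) can be added as another row. The sample policy at the bottom is constructed for the example.

```javascript
// Added example, not StackRox code. Field names and policy shape are ASSUMED
// to mirror StackRox policy JSON; adjust them to the real criteria descriptors.
const KUBE_API_VERB = 'Kubernetes API Verb'; // assumed fieldName
const KUBE_RESOURCE = 'Kubernetes Resource'; // assumed fieldName

// Rule table. `eventSource` scopes a rule to one policy type; `requires` lists
// the criteria every section must contain. An optional `whenPresent` makes a
// rule conditional: it only fires for sections that already contain that
// criterion (the "co-dependent criteria" case mentioned in the description).
const SECTION_RULES = [
  {
    eventSource: 'AUDIT_LOG_EVENT',
    requires: [KUBE_API_VERB, KUBE_RESOURCE],
    message:
      'Audit log policy sections require both Kubernetes API verb and Kubernetes resource criteria',
  },
];

// Set of criteria field names used in one policy section.
function fieldNamesIn(section) {
  return new Set((section.policyGroups || []).map((g) => g.fieldName));
}

// Validates every section of `policy` against the applicable rules.
// Returns an object keyed by a form path ('policySections[i]') so the
// message can be rendered inline next to the offending section, or {} when
// the policy is valid. Policies whose eventSource has no rules always pass.
function validateSections(policy) {
  const errors = {};
  const rules = SECTION_RULES.filter((r) => r.eventSource === policy.eventSource);
  (policy.policySections || []).forEach((section, i) => {
    const present = fieldNamesIn(section);
    for (const rule of rules) {
      if (rule.whenPresent && !present.has(rule.whenPresent)) continue;
      const missing = rule.requires.filter((f) => !present.has(f));
      if (missing.length > 0) {
        errors[`policySections[${i}]`] = `${rule.message} (missing: ${missing.join(', ')})`;
        break; // one inline error per section is enough
      }
    }
  });
  return errors;
}

// Constructed sample: section 0 is complete, section 1 lacks the resource
// criterion and should be flagged before the user reaches the end of the wizard.
const SAMPLE_AUDIT_POLICY = {
  name: 'Example audit log policy',
  eventSource: 'AUDIT_LOG_EVENT',
  policySections: [
    {
      sectionName: 'Secrets access',
      policyGroups: [
        { fieldName: KUBE_API_VERB, values: [{ value: 'GET' }] },
        { fieldName: KUBE_RESOURCE, values: [{ value: 'SECRETS' }] },
      ],
    },
    {
      sectionName: 'Incomplete section',
      policyGroups: [{ fieldName: KUBE_API_VERB, values: [{ value: 'DELETE' }] }],
    },
  ],
};

function demo() {
  return validateSections(SAMPLE_AUDIT_POLICY);
}

console.log(demo());
```

In the UI the same `validateSections` body would sit inside a yup `.test()` on the sections array, with the returned path/message pair passed to `createError` so the message lands on the right section of the form.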

This change is part of the following stack:

  • #17642 ◀

Change managed by git-spice.

dvail avatar Nov 04 '25 17:11 dvail

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

openshift-ci[bot] avatar Nov 04 '25 17:11 openshift-ci[bot]

Images are ready for the commit at ad10a60.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.10.x-299-gad10a60c99.

rhacs-bot avatar Nov 04 '25 17:11 rhacs-bot

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 49.04%. Comparing base (08201ba) to head (ad10a60). :warning: Report is 4 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #17642      +/-   ##
==========================================
- Coverage   49.04%   49.04%   -0.01%     
==========================================
  Files        2727     2727              
  Lines      201588   201588              
==========================================
- Hits        98863    98860       -3     
- Misses      94984    94986       +2     
- Partials     7741     7742       +1     
Flag Coverage Δ
go-unit-tests 49.04% <ø> (-0.01%) :arrow_down:

Flags with carried forward coverage won't be shown.

codecov[bot] avatar Nov 04 '25 17:11 codecov[bot]