catlin
Exploration: use rego for defining rules
As of today, "rules" in catlin are hardcoded in Go code. Ideally, we should be able to extend / modify rules independently of the code. One idea would be to use Rego, and possibly OPA as a library, to be able to define rules "dynamically".
- Catlin would ship with a default set of rules (embedded)
- A user could override or add new rules with a configuration (in the repository, or global)
See, for example, https://github.com/enterprise-contract/ec-policies/blob/main/policy/lib/bundles.rego
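
A sketch of what an embedded default rule set with user overrides could look like in Rego, added here as an illustration and not taken from catlin or the linked ec-policies repository. The package name `catlin.task`, the `data.catlin_config` override document and the two checks are assumptions; `input` is assumed to be one parsed Tekton Task.

```rego
package catlin.task # hypothetical package name

import rego.v1

# Defaults that would ship embedded in the binary (values are illustrative).
default_config := {
    "required_labels": ["app.kubernetes.io/version"],
    "forbidden_image_tags": ["latest"],
}

# Overrides loaded from a repository or global config file, assumed to be
# exposed to the evaluator as data.catlin_config. Empty when none is given.
default user_config := {}

user_config := data.catlin_config

# Keys set by the user replace the embedded defaults.
config := object.union(default_config, user_config)

# input is assumed to be one parsed Tekton Task document.
deny contains msg if {
    some label in config.required_labels
    not input.metadata.labels[label]
    msg := sprintf("missing required label %q", [label])
}

deny contains msg if {
    some step in input.spec.steps
    indexof(step.image, "@sha256:") == -1 # digest-pinned images pass
    tag := image_tag(step.image)
    tag in config.forbidden_image_tags
    msg := sprintf("step %q uses forbidden image tag %q", [step.name, tag])
}

# Tag of an image reference; a reference without a tag resolves to "latest".
image_tag(image) := tag if {
    segments := split(image, "/")
    name := segments[count(segments) - 1] # skip registry host:port
    parts := split(name, ":")
    count(parts) > 1
    tag := parts[count(parts) - 1]
} else := "latest"
```

Evaluating `data.catlin.task.deny` against a Task yields the set of violation messages; an empty set means the Task passes.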