Add support for matching the lack of a pattern

[hrideshmg]

Hi, I'm not sure if this is currently possible, but it would be useful to check for patterns that should exist, in addition to detecting patterns that should not exist. This could maybe be implemented as a configuration option in the YAML file?

Certain security best practices recommend the presence of specific statements. For example, The OWASP Cheat Sheet suggests using a USER directive in Dockerfiles to prevent privilege escalation attacks. However, I don’t see a way to enforce this check using the current format.

[sanket-deepsource]

This is an interesting idea. Yes, this isn't possible in our current YAML format (or the checker API overall, for that matter) since the core design is to detect an anti-pattern, not an expected pattern. I'm sure there could be other scenarios where we'd like to assert a pattern.

One way of implementing this could be a global flag on the checker that essentially inverts the detection — it will alert if the pattern (using our existing framework) isn't detected.

@sourya-deepsource would love your thoughts on this.