[Task]: Add ability for ScannerRule to execute enforcement actions from a CinderPolicy #16123
Description
Description
Like #16122 but for scanners: add ability for scanners rules to link to a CinderPolicy. When the rule is matched, when we execute scanner actions, split into 2:
- Execute the most impactful action as we do now
- Find all
CinderPolicymatched rules are attached to, and create and execute a decision with all the relevant enforcement actions (depends on [Task]: Allow policy violations to execute follow-up delayed blocks actions on top of the negative action for the entity #16120)
This would eventually replace the Disable and block scanner action, as this action would be made available to specific policies. Open question: how to re-implement the safeguards we have in that scanner action, to avoid automatic decisions if there are successful appeals or if the add-on belongs to a usage tier that should disallow that.
Acceptance Criteria
- item 1
┆Issue is synchronized with this Jira Task