kyvernoPolicies update to 3.3.4-bb.3
Package Merge Request
Package Changes
https://repo1.dso.mil/big-bang/product/packages/kyverno-policies/-/blob/3.3.4-bb.3/CHANGELOG.md
Package MR
big-bang/product/packages/kyverno-policies!227 (merged)
For Issue
Closes big-bang/product/packages/kyverno-policies#150 (closed)
Upgrade Notices
A new Kyverno Policy has been added which mutates pod specs to drop ALL capabilities
in all containers if not already done. This policy works in tandem with the require-drop-all-capabilities
policy to make it easier for SREs to securely deploy workloads to their clusters
without having to explicitly modify the pod's containers' securityContexts to be compliant.
If Big Bang consumers are currently excluding certain workloads from the require-drop-all-capabilities
policy due to incompatibilities with that policy, those exclusions should also be included for
this new policy, add-default-capability-drop, to avoid workload interruption.
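
An added example (not part of the merge request or the kyverno-policies chart): a pre-upgrade check that lists exclusions present on require-drop-all-capabilities but missing from add-default-capability-drop. It assumes the chart values keep each policy's Kyverno exclude block under policies.<name>.exclude; the sample values and namespace names are constructed.

```python
import json

VALIDATE = "require-drop-all-capabilities"   # existing validate policy
MUTATE = "add-default-capability-drop"       # new mutate policy

# Constructed sample values; the policies.<name>.exclude layout is an assumption.
SAMPLE_VALUES = {"policies": {
    VALIDATE: {"exclude": {"any": [
        {"resources": {"namespaces": ["team-a"], "names": ["ingress*"]}},
        {"resources": {"namespaces": ["legacy-agents"]}},
    ]}},
    MUTATE: {"exclude": {"any": [
        {"resources": {"names": ["ingress*"], "namespaces": ["team-a"]}},
    ]}},
}}

def _canon(node):
    """Sort lists recursively so ordering differences do not count as drift."""
    if isinstance(node, dict):
        return {k: _canon(v) for k, v in node.items()}
    if isinstance(node, list):
        return sorted((_canon(v) for v in node),
                      key=lambda v: json.dumps(v, sort_keys=True))
    return node

def _entries(policy):
    """Flatten an exclude block's any/all lists into comparable (mode, json) pairs."""
    exclude = (policy or {}).get("exclude") or {}
    return {(mode, json.dumps(_canon(entry), sort_keys=True))
            for mode in ("any", "all")
            for entry in exclude.get(mode) or []}

def missing_exclusions(values):
    """Exclusions on the validate policy that the mutate policy does not carry.

    Comparison is exact: an entry covered only by a broader wildcard on the
    mutate policy is still reported, so review the output by hand.
    """
    policies = values.get("policies") or {}
    gap = _entries(policies.get(VALIDATE)) - _entries(policies.get(MUTATE))
    return [(mode, json.loads(entry)) for mode, entry in sorted(gap)]

if __name__ == "__main__":
    for mode, entry in missing_exclusions(SAMPLE_VALUES):
        print(f"{MUTATE}: missing exclude.{mode} entry {json.dumps(entry)}")
```

An empty result means every exclusion on the validate policy has an identical entry on the mutate policy.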