UNCLASSIFIED - NO CUI


Rollback precondition to exclude background scans

Rob Ferguson requested to merge background-scan into main

Prior to https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies/-/merge_requests/47/diffs#8b99250cf810ac61fc6f15107f0e173d3289f6b2_174_183 we excluded operations that stemmed from BACKGROUND scans with our global precondition. After allowing policies to be evaluated on BACKGROUND scans a number of PolicyReports contained failures for resources in kube-system. I believe this is due to a quirk where resourceFilters are not applied to background scans.

Based on my understanding, this would not result in any resources being blocked, because the background scans are operating on existing resources. The table in the docs explains that even if a policy is set to enforce, the resource will just be reported on, which technically would not break anything but is definitely a bit confusing.

I think our options are:

  • a. Merge this MR, which more or less returns us to the previous behavior where we were excluding background scans via the request.operation precondition.
  • b. Update our global exclude to exclude namespaces/resources to coincide with the namespaces/resources targeted by the resourceFilter.
  • c. Do nothing. PolicyReports will contain failures on resources in previously excluded namespaces, but no operations will be blocked due to the nature of background scans.

See:

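The two mechanisms discussed above (option a, a precondition on request.operation, and option b, an explicit namespace exclude) side by side in a single Kyverno ClusterPolicy. This is an added illustration, not code from this MR or from the Big Bang kyverno-policies repository; the policy name, rule, and the namespace list are assumptions. The key point it encodes is the one the description makes: request.operation is only populated for admission requests, so a background scan does not satisfy the CREATE/UPDATE precondition and the rule is skipped for existing objects, whereas the exclude block applies to both admission and background evaluation and so also keeps kube-system out of the PolicyReport.

```yaml
# Added example (hypothetical policy, not part of the MR).
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-require-labels
spec:
  # enforce blocks admission requests only; background-scan results are
  # reported, never blocked, regardless of this setting.
  validationFailureAction: enforce
  # background: true is what causes existing resources to show up in
  # PolicyReports at all.
  background: true
  rules:
    - name: require-app-label
      match:
        any:
          - resources:
              kinds:
                - Pod
      # Option b: exclude the namespaces that the Kyverno resourceFilters
      # would normally skip at admission (assumed list; adjust to match the
      # cluster's actual resourceFilters). Unlike resourceFilters, this
      # exclude is honored by background scans too.
      exclude:
        any:
          - resources:
              namespaces:
                - kube-system
                - kube-public
                - kube-node-lease
                - kyverno
      # Option a: only evaluate on admission operations. request.operation
      # is unset during background scans, so the `|| 'BACKGROUND'` default
      # makes the condition false and the rule is skipped for existing objects.
      preconditions:
        all:
          - key: "{{ request.operation || 'BACKGROUND' }}"
            operator: AnyIn
            value:
              - CREATE
              - UPDATE
      validate:
        message: "The label app.kubernetes.io/name is required."
        pattern:
          metadata:
            labels:
              app.kubernetes.io/name: "?*"
```

In practice a policy set would use one or the other: keeping the precondition (option a) silences the background findings everywhere, while the exclude (option b) keeps background reporting for workload namespaces and only drops the namespaces that admission was already ignoring.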