Expand hostpath kyverno policies to include Persistent Volumes

changed milestone to %1.35.0

added teamcore/security + 1 deleted label

requested review from @micah.nagel

@toladipupo I'm closing the duplicate of this - https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/1692

~~There seems to be an issue with the policy...it's blocking the Twistlock console PVC but the PVC doesn't use a hostpath mount?~~ (see comment below)

Kyverno error:

  Warning  ProvisioningFailed    118s (x5 over 8m39s)    rancher.io/local-path_local-path-provisioner-6c79684f77-zhp2h_35a7f3a5-a7ab-4277-a7c9-f60af2d8002d  Error creating provisioned PV object for claim twistlock/twistlock-console: admission webhook "validate.kyverno.svc-fail" denied the request:

resource PersistentVolume//pvc-4cc71bd1-be17-45f9-961e-dbab5fe7c66b was blocked due to the following policies

restrict-host-path-mount:
  restrict-hostpath-dirs: 'validation error: hostPath volume paths are restricted
    to the allowed list. Rule restrict-hostpath-dirs failed at path /spec/hostPath/path/'
. Deleting the volume.

PVC:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  annotations:
    meta.helm.sh/release-name: twistlock-twistlock
    meta.helm.sh/release-namespace: twistlock
    volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
    volume.kubernetes.io/selected-node: k3d-k3s-default-agent-1
    volume.kubernetes.io/storage-provisioner: rancher.io/local-path
  creationTimestamp: "2022-05-25T19:21:11Z"
  finalizers:
  - kubernetes.io/pvc-protection
  labels:
    app.kubernetes.io/managed-by: Helm
    helm.toolkit.fluxcd.io/name: twistlock
    helm.toolkit.fluxcd.io/namespace: bigbang
  name: twistlock-console
  namespace: twistlock
  resourceVersion: "5965"
  uid: 4cc71bd1-be17-45f9-961e-dbab5fe7c66b
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
  storageClassName: local-path
  volumeMode: Filesystem
status:
  phase: Pending