feat(policy-devel): extend eval command to show raw evaluation of messages

[Piskoo]

This PR changes the format of policy devel eval and adds additional feature to --debug flag.

1. policy devel eval output is now an object instead of array of objects:

Before

[
   {
      "violations": [
         "test"
      ],
      "skip_reasons": [],
      "skipped": false
   }
]

After

{
   "result": {
      "skipped": false,
      "skipReasons": [],
      "violations": [
         "test"
      ]
   }
}

2. --debug flag adds additional information to output in a debug_info field. It contains inputs field that holds json input material enriched with passed input args and chainloop metadata. Also raw_results field that contains full output out of opa eval which includes all rules.

{
   "result": {
      "skipped": false,
      "skipReasons": [],
      "violations": [
         "test"
      ]
   },
   "debug_info": {
      "inputs": [
         {
            "args": {
               "licenses": "AGPL"
            },
            "bomFormat": "CycloneDX",
            "chainloop_metadata": {
               "annotations": {
                  "chainloop.material.cas.inline": true,
                  "chainloop.material.name": "material",
                  "chainloop.material.type": "EVIDENCE"
               },
               "content": 
               (...) material content
         }
      ],
      "raw_results": [
         {
            "data.pck": {
              (...) #results
         },
         {
            "data.main": {
            (...) #results
            }
         }
      ]
   }
}

Closes #2353

[Piskoo]

raw_results is missing requested script and result due to limitations of naming rego scripts. data.<package_name> returned by opa eval is used for verification, otherwise the output scripts could be labeled by their filename for non embedded type, but that causes problem for embedded scripts since there's no name attached to them.

[migmartri]

Thanks @Piskoo

[migmartri]

We could probably be more explicit here, currently, the description seems like a generic debug mode, when in reality it does more than that.

[migmartri]

in your example in the description it seems that the json keys where capitalized, aren't they using these annotations?

[migmartri]

fmt.Sprintf("%v.%s\n", parsedModule.Package.Path, mainRule looks likke it could be in a function

[migmartri]

should we make this optional? Meaning that you can initialize the engine to return raw data too but optionally?

[Piskoo]

Makes sense due to only policy devel eval making use of it, thanks

[migmartri]

you sure about this? Can't an evaluation contain info from multiple paths?

[Piskoo]

Results from a single policy attachment, evaluated against a single material, are merged into one evaluation result. So results from each path in the policy will be merged in the end.

[migmartri]

nitpick. ok, should we protect the code?

[migmartri]

double check my comment about number of evaluations. Thanks!

[migmartri]

Awesome

[migmartri]

nitpick. ok, should we protect the code?

[migmartri]

add a comment explainign what this is please

[migmartri]

check json rawmessage

[Piskoo]

Updated types for RawData in the engine and also in proto file