feat(action): added validation for searchLine field in actions #7994

Open
cx-ricardo-jesus wants to merge 31 commits into master from AST-139912--searchLine-validation

@cx-ricardo-jesus cx-ricardo-jesus commented Mar 10, 2026

Reason for Proposed Changes

  • Currently the GitHub actions don't validate the result from the searchLine field.

Proposed Changes

  • Added a new job validate-search-line to the go-ci workflow, along with its supporting Python script, to automatically validate the correctness of the searchLine field in the modified KICS queries.
  • On the new job I used the dorny/paths-filter action to get the modified files in each PR/push to a branch, because the purpose of this action is to validate the searchLine value for the queries changed on the relative push. This action produces the output queries, a boolean that indicates whether there are any matching files with the path 'assets/queries/**/query.rego' (KICS query path), and the output queries_files, which contains a JSON array with the exact paths of the changed files.
  • The following steps Set up Python, Set up Go and Validate searchLine only run if steps.filter.outputs.queries == true, meaning they are entirely skipped if no query file was modified.
  • The validation is made using a Python script validate-search-line.py that was made in Python because almost all the other scripts are also written in Python.
  • The script begins by getting the path of the directory that contains the queries that were changed, using the get_changed_queries() helper function. This function reads the CHANGED_QUERIES environment variable, which is the JSON array produced by dorny/paths-filter. It parses the array and, for each entry ending in /query.rego, extracts the parent directory (the query folder) and returns Path objects pointing to those directories.
  • For each query folder, another helper function called validate_query is used, which aims to validate a single directory. This helper function first of all uses another helper function called has_search_line_defined, which only checks if the query contains the searchLine defined. If the query that was modified in the PR has this field defined, it starts a KICS scan command using the helper function run_kics_scan that only runs that command and returns True if the scan ran with no problems. After that, it uses the helper function called validate_scan_results, which reads the results from the scan that ran previously, and checks if the line is defined to "-1" or if the searchLine value is not equal to the value in the line field. If any of these scenarios happen, it returns False.
  • These validations mentioned above are made individually for each query; thus, if any of the queries do not have a valid value for the searchLine field in the results, it will return an error stating ::error::Some searchLine validations failed. See errors above..

I submit this contribution under the Apache-2.0 license.
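
A sketch of the two checks the description above walks through, added here as an example; it is not the PR's validate-search-line.py. The function names follow the description, while the report keys (queries, files, query_name, file_name, line, search_line) and the extra path filtering (rejecting '..' and anything outside assets/queries, since the paths originate from PR contents) are assumptions that go beyond the /query.rego suffix check the description mentions.

```python
import json
from pathlib import Path, PurePosixPath

QUERIES_ROOT = ("assets", "queries")  # prefix from the PR description


def get_changed_queries(raw: str) -> list[Path]:
    """Return the unique query folders named in the CHANGED_QUERIES JSON array."""
    try:
        entries = json.loads(raw)
    except (TypeError, ValueError):
        return []
    folders: list[Path] = []
    for entry in entries if isinstance(entries, list) else []:
        path = PurePosixPath(str(entry))
        # Accept only relative .../query.rego paths under assets/queries without '..'.
        if (path.name != "query.rego" or ".." in path.parts
                or path.parts[:2] != QUERIES_ROOT):
            continue
        folder = Path(*path.parent.parts)
        if folder not in folders:
            folders.append(folder)
    return folders


def validate_scan_results(results: dict) -> list[str]:
    """Return one message per finding whose line is -1 or differs from searchLine."""
    errors = []
    for query in results.get("queries", []):
        for finding in query.get("files", []):
            line, search_line = finding.get("line"), finding.get("search_line")
            where = f"{query.get('query_name')}: {finding.get('file_name')}"
            if line == -1:
                errors.append(f"{where}: line is -1")
            elif search_line != line:
                errors.append(f"{where}: searchLine {search_line} != line {line}")
    return errors


SAMPLE_CHANGED = json.dumps([  # constructed sample, not taken from the PR
    "assets/queries/terraform/aws/example_query/query.rego",
    "assets/queries/terraform/aws/example_query/metadata.json",
    "assets/queries/../../.github/query.rego",
])
SAMPLE_RESULTS = {"queries": [{"query_name": "Example Query", "files": [  # constructed
    {"file_name": "positive1.tf", "line": 7, "search_line": 7},
    {"file_name": "positive2.tf", "line": -1, "search_line": 4},
    {"file_name": "positive3.tf", "line": 3, "search_line": 9},
]}]}
```
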

@cx-ricardo-jesus cx-ricardo-jesus requested a review from a team as a code owner March 10, 2026 10:02
@github-actions github-actions bot added the feature New feature label Mar 10, 2026
@cx-ricardo-jesus cx-ricardo-jesus marked this pull request as draft March 10, 2026 10:03
@github-actions

KICS version: v2.1.18

Category    Results
CRITICAL    0
HIGH        0
MEDIUM      0
LOW         0
INFO        0
TRACE       0
TOTAL       0

Metric                      Values
Files scanned               1
Files parsed                1
Files failed to scan        0
Total executed queries      47
Queries failed to execute   0
Execution time              0

@github-actions github-actions bot added the query New query feature label Mar 17, 2026
@cx-ricardo-jesus cx-ricardo-jesus marked this pull request as ready for review March 17, 2026 16:10