aquasecurity/starboard

Run Polaris for the specified workload

danielpacak opened this issue · 1 comment

Describe the problem/challenge you have

Currently, we're running the Polaris audit subcommand to scan all workloads in the cluster.

$ starboard polaris
$ starboard get configaudit deploy/nginx -n dev

Describe the solution you'd like

However, we should be able to scan a single workload like we do for vulnerabilities:

$ starboard polaris deploy/nginx -n dev
$ starboard polaris sts/my-app -n staging

Anything else you would like to add:

  • This is mainly required for multi-tenant environments and workloads protected by RBAC permissions. Beyond that, scanning all workloads requires running Polaris as a Kubernetes Job with a ServiceAccount that's not least-privileged.
rbren commented

Prior to 1.0, we would retrieve a list of deployments across all namespaces, and use that list to generate the report.

In the latest version, we retrieve a list of pods across all namespaces, then walk up the owner refs to find the top-level controller. This makes it easy to support arbitrary controller types.

The first thing to do here would be to create a --namespace option that would restrict polaris to looking at a particular namespace.

After that, we would probably need to reintroduce some logic to retrieve a specific resource, rather than start with pods and walk up. That way we'd only need RBAC to view one thing (e.g. deployments) instead of pods, replicasets, and the thing we're auditing.
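The owner-reference walk described in the comment above, as an added example that is not Polaris's or Starboard's own code: it follows the controller=true owner reference from a Pod up to its top-level controller and records every kind it had to read on the way, which is the RBAC footprint the comment is worried about. The API server is replaced by a constructed in-memory Store (an assumption), and the ObjectRef/OwnerRef/Object types are simplified stand-ins for the client-go metadata types.

```go
package main

import "fmt"

// ObjectRef identifies a Kubernetes object by kind, namespace and name.
type ObjectRef struct{ Kind, Namespace, Name string }
// OwnerRef mirrors the fields of metav1.OwnerReference used here.
type OwnerRef struct {
	Kind, Name string
	Controller bool
}
// Object is a minimal stand-in for object metadata (constructed, not client-go types).
type Object struct{ Owners []OwnerRef }
// Store is a constructed in-memory stand-in for the API server; a missing key
// models an object the caller cannot read (absent, or denied by RBAC).
type Store map[ObjectRef]Object

// TopLevelController follows the controller=true owner reference from start upward
// until it reaches an object with no controller owner. It also returns every kind
// read on the way: the kinds the auditing ServiceAccount needs RBAC "get" on.
func (s Store) TopLevelController(start ObjectRef) (ObjectRef, map[string]bool, error) {
	cur, seen, kinds := start, map[ObjectRef]bool{}, map[string]bool{}
	for {
		if seen[cur] {
			return ObjectRef{}, nil, fmt.Errorf("owner reference cycle at %v", cur)
		}
		seen[cur] = true
		obj, ok := s[cur]
		if !ok {
			return ObjectRef{}, nil, fmt.Errorf("%v not readable (missing or RBAC denied)", cur)
		}
		kinds[cur.Kind] = true
		next := ObjectRef{}
		for _, o := range obj.Owners {
			if o.Controller { // owner refs never cross namespaces, so keep cur.Namespace
				next = ObjectRef{Kind: o.Kind, Namespace: cur.Namespace, Name: o.Name}
			}
		}
		if next.Kind == "" {
			return cur, kinds, nil
		}
		cur = next
	}
}

// SampleCluster is constructed data: an nginx Pod -> ReplicaSet -> Deployment in "dev".
var SampleCluster = Store{
	{"Pod", "dev", "nginx-abc12"}:      {Owners: []OwnerRef{{"ReplicaSet", "nginx-abc", true}}},
	{"ReplicaSet", "dev", "nginx-abc"}: {Owners: []OwnerRef{{"Deployment", "nginx", true}}},
	{"Deployment", "dev", "nginx"}:     {},
}
```

Walking from the Pod touches Pod, ReplicaSet and Deployment, whereas starting at the Deployment (the direct retrieval the comment proposes) touches only Deployment, and an owner the caller cannot read ends the walk with an error rather than a silently wrong controller.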