cleanup(rules): initially tag all rules disabled by default w/ maturity_sandbox level

[incertum]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area rules

/area registry

/area build

/area documentation

What this PR does / why we need it:

As a first step tag all rules that are disabled by default w/ maturity_sandbox level as part of phase 1 of implementing the rules maturity framework
https://github.com/falcosecurity/rules/blob/main/proposals/20230605-rules-adoption-management-maturity-framework.md. Subsequently re-audit these rules and consider elevating some to maturity_incubating while providing compelling reasons and explanations.

@jasondellaluce @LucaGuerra

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

[github-actions]

Rules files suggestions

falco_rules.yaml

Comparing ab02958be7e94789801b9fee9af15c3a734c6ef7 with latest tag falco-rules-1.0.1

Patch changes:

• Rule Disallowed SSH Connection has more tags than before
• Rule Unexpected outbound connection destination has more tags than before
• Rule Unexpected inbound connection source has more tags than before
• Rule Read Shell Configuration File has more tags than before
• Rule Schedule Cron Jobs has more tags than before
• Rule Read ssh information has more tags than before
• Rule Change thread namespace has more tags than before
• Rule Program run with disallowed http proxy env has more tags than before
• Rule Interpreted procs inbound network activity has more tags than before
• Rule Interpreted procs outbound network activity has more tags than before
• Rule Unexpected UDP Traffic has more tags than before
• Rule Contact EC2 Instance Metadata Service From Container has more tags than before
• Rule Contact cloud metadata service from container has more tags than before
• Rule Set Setuid or Setgid bit has more tags than before
• Rule Create Hidden Files or Directories has more tags than before
• Rule Detect outbound connections to common miner pool ports has more tags than before
• Rule Network Connection outside Local Subnet has more tags than before
• Rule Outbound or Inbound Traffic not to Authorized Server Process and Port has more tags than before
• Rule Container Drift Detected (chmod) has more tags than before
• Rule Container Drift Detected (open+create) has more tags than before
• Rule Outbound Connection to C2 Servers has more tags than before
• Rule Container Run as Root User has more tags than before
• Rule Java Process Class File Download has more tags than before
• Rule Modify Container Entrypoint has more tags than before

[LucaGuerra]

lgtm

[poiana]

LGTM label has been added.

Git tree hash: 25e2521b9d293ae8728cbd89a52b1ece582c6c7a

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: incertum, LucaGuerra

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [LucaGuerra,incertum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment