Delete prowler-image-scan and prowler-iac-scan CronJobs, remove them from
the kustomization, and drop the now-unused trivyignore.yaml mutelist (only
the IaC scan consumed it via TRIVY_IGNOREFILE).
Trim review-compliance-reports to the single remaining K8s CIS scan and
remove the grouped-findings rendering (_print_grouped_findings /
_worst_severity) that existed solely for the high-volume image/IaC scans.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Document the decision to retire the container-image CVE scan and the IaC
scan, which generated tens of thousands of un-actioned, un-muted findings
weekly with no realized value. The K8s CIS scan (fully mutelisted, runs
clean) is retained. Rationale captured in deploy-prowler.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
