Add mutelist files to suppress expected/accepted Prowler findings:
- apiserver: minikube control plane flags (12 checks)
- control-plane: scheduler, controller-manager, kubelet (3 checks)
- core-pod-security: system pods, operator-managed, expected ops (7 checks)
- rbac: built-in K8s roles, ArgoCD, CNPG (3 checks)
Mutelist files are stored individually in mutelist/ for maintainability
and merged at runtime via an initContainer before the scan runs.
Muted findings appear as status=MUTED in reports (not hidden).
Also adds missing seccomp RuntimeDefault profile to kube-state-metrics.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Erich Blume
0b68d48eba