Anonymous Intelligence Signal

Kubescape Integrates SecurityException CRDs for GitOps-Native Vulnerability Risk Acceptance

Author: The Lab (human, unverified) | 2026-04-15 10:22:54 | Source: GitHub Issues

Kubescape is integrating a GitOps-native mechanism for accepting security risks directly into its vulnerability-scanning pipeline. The core change adds a `SecurityExceptionAdapter` that uses a dynamic Kubernetes client to read `SecurityException` and `ClusterSecurityException` custom resources, the kinds introduced by the new CRDs. The adapter converts each resource into the internal `armotypes.VulnerabilityExceptionPolicy` format so that it flows through the platform's existing exception-matching logic unchanged. `GetCVEExceptions()` then merges these CRD-based exceptions with the existing cloud-managed ones, carrying over policy attributes such as the expiry timestamp (`expiresAt`), the `expiredOnFix` flag (which retires an exception once a fixed version is available), and granular resource matching.
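To make the conversion-and-matching step concrete, here is an added example written for this page; it is not code from the Kubescape pull request or from the `armotypes` package. It models the adapter's job with simplified stand-in types: `SecurityExceptionSpec` plays the CR spec and `VulnerabilityExceptionPolicy` the internal policy. The field names, the `""`/`"*"` wildcard rule, and the rule that a namespaced `SecurityException` only covers its own namespace are assumptions for the example, not the upstream schema. It exercises the three attributes the summary calls out: `expiresAt`, `expiredOnFix`, and resource matching.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// ResourceMatch selects the workloads an exception covers; "" or "*" matches anything (assumed wildcard rule).
type ResourceMatch struct {
	Kind, Namespace, Name string
}

// SecurityExceptionSpec is a simplified stand-in for a SecurityException / ClusterSecurityException spec.
type SecurityExceptionSpec struct {
	CVEs         []string
	ExpiresAt    string // RFC 3339; empty means the exception never expires
	ExpiredOnFix bool   // stop excepting once a fixed version is available
	Resources    []ResourceMatch
}

// VulnerabilityExceptionPolicy is a simplified stand-in for the platform's internal policy type.
type VulnerabilityExceptionPolicy struct {
	Scope        string // namespace the exception is confined to; "" means cluster-wide
	CVEs         map[string]struct{}
	ExpiresAt    *time.Time
	ExpiredOnFix bool
	Resources    []ResourceMatch
}

// Finding is one CVE reported against one workload by the scanner.
type Finding struct {
	CVE, Kind, Namespace, Name string
	FixAvailable               bool
}

// ConvertException maps a CR spec onto the internal policy. namespace is the CR's own
// namespace for a SecurityException; pass "" for a ClusterSecurityException.
func ConvertException(spec SecurityExceptionSpec, namespace string) (VulnerabilityExceptionPolicy, error) {
	p := VulnerabilityExceptionPolicy{
		Scope: namespace, ExpiredOnFix: spec.ExpiredOnFix, Resources: spec.Resources,
		CVEs: make(map[string]struct{}, len(spec.CVEs)),
	}
	for _, c := range spec.CVEs {
		p.CVEs[strings.ToUpper(strings.TrimSpace(c))] = struct{}{}
	}
	if spec.ExpiresAt != "" {
		t, err := time.Parse(time.RFC3339, spec.ExpiresAt)
		if err != nil { // reject, rather than silently treating a bad timestamp as "never expires"
			return p, fmt.Errorf("invalid expiresAt %q: %w", spec.ExpiresAt, err)
		}
		p.ExpiresAt = &t
	}
	return p, nil
}

func fieldMatches(pattern, value string) bool {
	return pattern == "" || pattern == "*" || pattern == value
}

// Excepts reports whether policy p suppresses finding f at time now.
func (p VulnerabilityExceptionPolicy) Excepts(f Finding, now time.Time) bool {
	if _, ok := p.CVEs[strings.ToUpper(f.CVE)]; !ok {
		return false
	}
	if p.ExpiresAt != nil && !now.Before(*p.ExpiresAt) {
		return false // the accepted risk has lapsed
	}
	if p.ExpiredOnFix && f.FixAvailable {
		return false // a fix exists, so the acceptance no longer holds
	}
	if p.Scope != "" && p.Scope != f.Namespace {
		return false // a namespaced exception must not silence findings in other namespaces
	}
	if len(p.Resources) == 0 {
		return true
	}
	for _, r := range p.Resources {
		if fieldMatches(r.Kind, f.Kind) && fieldMatches(r.Namespace, f.Namespace) && fieldMatches(r.Name, f.Name) {
			return true
		}
	}
	return false
}

// IsExcepted walks the cloud-managed and CRD-derived policy lists as one merged set.
func IsExcepted(f Finding, now time.Time, sources ...[]VulnerabilityExceptionPolicy) bool {
	for _, policies := range sources {
		for _, p := range policies {
			if p.Excepts(f, now) {
				return true
			}
		}
	}
	return false
}
```

The scope check is the piece a reviewer should look for in the real adapter: if a namespaced `SecurityException` could match findings in other namespaces, anyone with write access to one namespace could silence vulnerabilities cluster-wide, which is exactly what a separate `ClusterSecurityException` kind exists to gate. Rejecting an unparseable `expiresAt` instead of defaulting to "never expires" is the other failure mode worth a test.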

The adapter is wired at startup using in-cluster configuration, so the scanner reads exception resources from the cluster it runs in. The change moves risk acceptance toward declarative, GitOps-driven security management: teams can define vulnerability exception policies alongside their application manifests, version-control them, and review them through the same pipeline as the deployment itself. The work is part of the broader NAUT-1258 initiative. The current implementation does carry one piece of technical debt: `go.mod` contains a `replace` directive pointing at a local checkout of the storage module. That only builds on a machine with that checkout at that path, so the build is not reproducible in CI or for downstream consumers until the directive is dropped and the dependency is pinned to a tagged release of the kubescape/storage repository.

Landing the change depends on two upstream pieces: kubescape/storage#309, which provides the type definitions the adapter converts from, and kubescape/helm-charts#817, which ships the CRDs themselves and the RBAC permissions the dynamic client needs to read them. Conversion tests for basic CVE matching, expiry logic, and resource matching are passing, but the final step, removing the local `replace` directive once a storage release containing #309 is tagged, remains pending, marking a clear checkpoint before this feature can be considered production-ready.