  1. Cloud Infrastructure Security & Compliance
  2. CMP-1016

[SC-6]: CaC rule that checks workloads for resource requests/limits


    • Story
    • Resolution: Done
    • Normal
    • OCPPLAN-6104 - FedRAMP moderate controls
    • CMP Sprint 41

      To cover SC-6, we should create a CaC rule that checks that all workloads (maybe except those in openshift- namespaces?) have resource requests and limits set.

       

      This needs a bit more brainstorming, but the idea was to:

       - scan all namespaces but openshift-* and kube-*

       - create an enforcement rule for CO/OPA that would prevent creating new workloads without resource requests and limits

       - the rule should skip any namespaces labeled with a special label to be able to special-case namespaces that should be exempt, or add a variable that would list the exempt namespaces
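
As an added illustration (not part of the ticket, and not ComplianceAsCode, CO or OPA code), the scan logic outlined above can be written in Python over constructed workload objects. The label key `example.com/resource-check-exempt`, the `exempt_namespaces` variable name, and the choice to require both cpu and memory under requests and limits are assumptions.

```python
import fnmatch

SKIP_PATTERNS = ("openshift-*", "kube-*")           # namespaces the ticket excludes
EXEMPT_LABEL = "example.com/resource-check-exempt"  # hypothetical label key (assumption)
REQUIRED = [(s, r) for s in ("requests", "limits") for r in ("cpu", "memory")]  # assumption

def namespace_in_scope(name, labels, exempt_namespaces=()):
    # Out of scope: platform namespaces, listed exemptions, exempt-labelled namespaces.
    if any(fnmatch.fnmatchcase(name, p) for p in SKIP_PATTERNS):
        return False
    return name not in exempt_namespaces and labels.get(EXEMPT_LABEL) != "true"

def pod_spec(workload):  # bare Pod, or templated controller (Deployment, DaemonSet, ...)
    spec = workload.get("spec", {})
    return spec.get("template", {}).get("spec", spec)

def missing_resources(workload):  # -> [(container name, ["section.resource", ...])]
    findings = []
    for group in ("initContainers", "containers"):
        for c in pod_spec(workload).get(group, []):
            res = c.get("resources") or {}
            gaps = [f"{s}.{r}" for s, r in REQUIRED if not (res.get(s) or {}).get(r)]
            if gaps:
                findings.append((c["name"], gaps))
    return findings

def scan(workloads, namespace_labels, exempt_namespaces=()):
    report = []
    for w in workloads:
        ns, name = w["metadata"]["namespace"], w["metadata"]["name"]
        if namespace_in_scope(ns, namespace_labels.get(ns, {}), exempt_namespaces):
            report += [(ns, w["kind"], name, c, gaps) for c, gaps in missing_resources(w)]
    return report

# Constructed sample input, not taken from a real cluster.
def _workload(kind, ns, name, resources):
    pod = {"containers": [{"name": "app", "resources": resources}]}
    spec = pod if kind == "Pod" else {"template": {"spec": pod}}
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, "spec": spec}

FULL = {"requests": {"cpu": "100m", "memory": "128Mi"}, "limits": {"cpu": "500m", "memory": "256Mi"}}
NAMESPACE_LABELS = {"sandbox": {EXEMPT_LABEL: "true"}}
WORKLOADS = [_workload("Deployment", "payments", "api", FULL),
             _workload("Deployment", "payments", "worker", {"requests": {"cpu": "100m"}}),
             _workload("Pod", "sandbox", "scratch", {}),
             _workload("DaemonSet", "openshift-monitoring", "node-exporter", {}),
             _workload("Pod", "legacy", "batch", {})]

if __name__ == "__main__":
    print(scan(WORKLOADS, NAMESPACE_LABELS, exempt_namespaces={"legacy"}))
```

An enforcement rule would apply the same predicate at admission time, so the scan and the gate agree on which namespaces are exempt.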

              wenshen@redhat.com Vincent Shen
              jhrozek@redhat.com Jakub Hrozek (Inactive)