Cloud Infrastructure Security & Compliance / CMP-3974

Support for Custom Attributes (via Annotations/Labels) in ComplianceCheckResults


    • Feature
    • Resolution: Unresolved
    • compliance-operator-1.9.0

      This request seeks to enhance the compliance-operator in OpenShift 4.x by allowing custom attributes defined on ComplianceRule objects to be automatically propagated to the corresponding generated ComplianceCheckResult objects.

      Currently, customers are unable to attach and retrieve custom metadata (such as business-specific identifiers or severity ratings) on the final compliance check results. Attempts to add these attributes as labels or annotations directly to a customized ComplianceRule and TailoredProfile failed to propagate the metadata to the resulting ComplianceCheckResult.

      The desired mechanism is as follows:

      1. A user defines custom labels/annotations (e.g., weakness_score, break_severity, jpmc-id) on a ComplianceRule object (either a base rule or a custom rule in a TailoredProfile).
      2. Upon execution of the compliance scan, the compliance-operator should copy these custom labels/annotations from the source ComplianceRule to the corresponding generated ComplianceCheckResult resource.

      Steps Taken (Demonstrating Current Gap):

      1. Copied an existing rule (e.g., ocp4-accounts-no-0clusterrolebindings-default-service-account) to create a prefixed version: demo-ocp4-accounts-no-0clusterrolebindings-default-service-account with custom labels/annotations.
      2. Created a TailoredProfile (demo-ocp4-accounts) referencing the modified rule under enabledRules.
      3. Created a ScanSettingBinding referencing the tailored profile.

      Observed Result (Current Behavior): The custom labels/annotations did not appear on the generated ComplianceCheckResult.

      Expected Result (Desired Feature Behavior): The generated ComplianceCheckResult must contain the custom labels/annotations inherited from the referenced ComplianceRule.
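
A sketch of the propagation this request describes, written in Go as an added example; it is not code from the compliance-operator or from the issue reporter. The reserved prefixes, and the rule that a key already present on the result is never overwritten, are assumptions chosen so that inherited metadata cannot change what the scan itself recorded.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Assumption: keys under these prefixes are tool-owned and are never inherited.
var reserved = []string{"compliance.openshift.io/", "kubectl.kubernetes.io/"}

func isReserved(key string) bool {
	for _, p := range reserved {
		if strings.HasPrefix(key, p) {
			return true
		}
	}
	return false
}

// Inherit copies a rule's labels (or annotations) onto a check result's and
// returns the sorted keys it refused to copy: reserved keys, and keys the
// result already carries, so a rule cannot alter what the scan recorded.
func Inherit(rule, result map[string]string) []string {
	skipped := []string{}
	for k, v := range rule {
		if _, exists := result[k]; exists || isReserved(k) {
			skipped = append(skipped, k)
			continue
		}
		result[k] = v
	}
	sort.Strings(skipped)
	return skipped
}

func main() {
	// Constructed sample metadata; values and the reserved key are assumptions.
	ruleLabels := map[string]string{
		"break_severity":                       "high",
		"compliance.openshift.io/check-status": "PASS", // must not override the scan's verdict
	}
	ruleAnnotations := map[string]string{"weakness_score": "7"}
	resultLabels := map[string]string{"compliance.openshift.io/check-status": "FAIL"}
	resultAnnotations := map[string]string{}
	fmt.Println(Inherit(ruleLabels, resultLabels), resultLabels)
	fmt.Println(Inherit(ruleAnnotations, resultAnnotations), resultAnnotations)
}
```

The skipped keys are returned rather than silently dropped so that a controller could log or surface them.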

              rh-ee-masimonm Maria Simon Marcos