  1. OpenShift Bugs
  2. OCPBUGS-17828

Improve ocp4-cis-scc-limit-container-allowed-capabilities instructions


    • Bug
    • Resolution: Unresolved
    • Normal
    • None
    • 4.12
    • Compliance Operator
    • None

      Description of problem:

      The instructions of the rule ocp4-cis-scc-limit-container-allowed-capabilities of the compliance operator are unclear and confusing.

      CO v1.1.0

      See KCS: https://access.redhat.com/solutions/7028870 for details.

      The rule should explain what it is trying to do and what the next steps are for the customer - if the rule failed, check for the failed/non-conformant SCC, then decide on next steps (what are those? keep the SCC as is or add it to the allowed list?)

      Additionally, there is a bug around variable substitution in the instruction. It does not substitute var-sccs-with-allowed-capabilities_regex in the instruction, resulting in wrong output of the command provided and lots of confusion (200 comments in the case so far). The rule instruction should substitute the var properly and output the correct full command for a smoother user experience.

            wenshen@redhat.com Vincent Shen
            rhn-support-mkalinin Marina Kalinin
            Xiaojie Yuan Xiaojie Yuan