description:

Support managing default policies as SecurityPolicy CRs

Goal Summary:

As an experienced RHACS user, I want to manage all policies - including the default system policies, via GitOps.

I do not want to have to clone default policies to manage them as CRs.

Currently this is not possible. The config controller reports that `isDefault` must be set to false:

ERROR Reconciler error {"controller": "securitypolicy", "controllerGroup": "config.stackrox.io", "controllerKind": "SecurityPolicy", "SecurityPolicy": {"name":"30-day-scan-age","namespace":"stackrox"}, "namespace": "stackrox", "name": "30-day-scan-age", "reconcileID": "1c554388-bcfb-4d07-a13e-ce676d5ffff4", "error": "Invalid policy resource: namespace=stackrox, name=30-day-scan-age: isDefault must be false"}

Goals and expected user outcomes:

• Users can manage default RHACS policies as SecurityPolicy CRs
• Users do not have to clone default policies to manage them as SecurityPolicy CRs
• All policies (including the system default) can be managed with ArgoCD

<your text here>

Acceptance Criteria:

<enter general Feature acceptance here>

Success Criteria or KPIs measured:

<enter success criteria and/or KPIs here>