update CoreRuleset payload for dikastes' new WAF engine

[electricjesus]

Description

Now that we're changing the WAF engine in Dikastes from Modsecurity to Coraza, this PR provides mainly two changes that ties into that changel:

1. a few changes to command-line invocation, and
2. an update to the coreruleset version

Here is a more detailed breakdown on the changes in this PR

• update dikastes command-line options to reflect new cli options for dikastes that runs coraza-based waf (pkg/render/applicationlayer/applicationlayer.go)
• bumped coreruleset version v3.3.5 to v4.0.0-rc2
• move and reorganise coreruleset delivery
  • removed the 'go:generate'-based workflow, this removes the generated artifacts and reduces the possibility of not updating it everytime we need an update to coreruleset. This also means we replace generated files with embedded references in applicationlayer renderer and controller.
  • reorganise how we do the customisations: all our custom CRS behaviour in its own tigera.conf file
  • coreruleset files now follow a rules subdirectory format, which is the original file/directory structure in github.com/coreruleset/coreruleset

Depends on https://github.com/tigera/calico-private/pull/6862 but that PR also depends on this one.

For PR author

• Tests for change.
• If changing pkg/apis/, run make gen-files
• If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

• Milestone set according to targeted release.
• Appropriate labels:
  • kind/bug if this is a bugfix.
  • kind/enhancement if this is a a new feature.
  • enterprise if this PR applies to Calico Enterprise only.

[caseydavenport]

This is only used within this file, should probably be private

To be honest, I suspect that is true of many of these variables, but since we're touching this one we should make it private.

[caseydavenport]

LGTM - one minor nit about variables being public.