
chore(release): Zip policies with plugins#1991

Merged
kodiakhq[bot] merged 2 commits intocloudquery:mainfrom
erezrokah:feat/zip_policies_with_plugins
Sep 25, 2022

Conversation

@erezrokah
Member

@erezrokah erezrokah commented Sep 22, 2022

Summary

Simple enough to do, cc @bernays, assuming we want this.
This creates the following structure (for example) in each GCP zip:

```
├── plugins
│   └── source
│       └── gcp
└── policies
    ├── README.md
    ├── cis_v1.2.0
    │   ├── policy.sql
    │   ├── section_1.sql
    │   ├── section_2.sql
    │   ├── section_3.sql
    │   ├── section_4.sql
    │   ├── section_5.sql
    │   ├── section_6.sql
    │   └── section_7.sql
    ├── create_gcp_policy_results.sql
    ├── policy.sql
    ├── queries
    │   ├── bigquery
    │   │   ├── datasets_publicly_accessible.sql
    │   │   ├── datasets_without_default_cmek.sql
    │   │   └── tables_not_encrypted_with_cmek.sql
    │   ├── compute
    │   │   ├── allow_traffic_behind_iap.sql
    │   │   ├── default_network_exist.sql
    │   │   ├── disks_encrypted_with_csek.sql
    │   │   ├── dnssec_disabled.sql
    │   │   ├── flow_logs_disabled_in_vpc.sql
    │   │   ├── instance_ip_forwarding_enabled.sql
    │   │   ├── instances_with_default_service_account.sql
    │   │   ├── instances_with_default_service_account_with_full_access.sql
    │   │   ├── instances_with_public_ip.sql
    │   │   ├── instances_with_shielded_vm_disabled.sql
    │   │   ├── instances_without_block_project_wide_ssh_keys.sql
    │   │   ├── instances_without_confidential_computing.sql
    │   │   ├── legacy_network_exist.sql
    │   │   ├── oslogin_disabled.sql
    │   │   ├── rdp_access_permitted.sql
    │   │   ├── serial_port_connection_enabled.sql
    │   │   ├── ssh_access_permitted.sql
    │   │   └── ssl_proxy_with_weak_cipher.sql
    │   ├── dns
    │   │   ├── key_signing_with_rsasha1.sql
    │   │   └── zone_signing_with_rsasha1.sql
    │   ├── iam
    │   │   ├── kms_separation_of_duties.sql
    │   │   ├── managed_service_account_keys.sql
    │   │   ├── separation_of_duties.sql
    │   │   ├── service_account_admin_priv.sql
    │   │   ├── service_account_keys_not_rotated.sql
    │   │   └── users_with_service_account_token_creator_role.sql
    │   ├── kms
    │   │   ├── keys_not_rotated_within_90_days.sql
    │   │   └── publicly_accessible.sql
    │   ├── logging
    │   │   ├── audit_config_changes_without_log_metric_filter_alerts.sql
    │   │   ├── custom_role_changes_without_log_metric_filter_alerts.sql
    │   │   ├── dns_logging_disabled.sql
    │   │   ├── log_buckets_retention_policy_disabled.sql
    │   │   ├── not_configured_across_services_and_users.sql
    │   │   ├── project_ownership_changes_without_log_metric_filter_alerts.sql
    │   │   ├── sinks_not_configured_for_all_log_entries.sql
    │   │   ├── sql_instance_changes_without_log_metric_filter_alerts.sql
    │   │   ├── storage_iam_changes_without_log_metric_filter_alerts.sql
    │   │   ├── vpc_firewall_changes_without_log_metric_filter_alerts.sql
    │   │   ├── vpc_network_changes_without_log_metric_filter_alerts.sql
    │   │   └── vpc_route_changes_without_log_metric_filter_alerts.sql
    │   ├── manual.sql
    │   ├── sql
    │   │   ├── db_instance_publicly_accessible.sql
    │   │   ├── db_instance_with_public_ip.sql
    │   │   ├── db_instance_without_ssl.sql
    │   │   ├── db_instances_without_backups.sql
    │   │   ├── mysql_local_inline_flag_on.sql
    │   │   ├── mysql_skip_show_database_flag_off.sql
    │   │   ├── postgresql_log_checkpoints_flag_off.sql
    │   │   ├── postgresql_log_connections_flag_off.sql
    │   │   ├── postgresql_log_disconnections_flag_off.sql
    │   │   ├── postgresql_log_duration_flag_off.sql
    │   │   ├── postgresql_log_error_verbosity_flag_not_strict.sql
    │   │   ├── postgresql_log_executor_stats_flag_on.sql
    │   │   ├── postgresql_log_hostname_flag_off.sql
    │   │   ├── postgresql_log_lock_waits_flag_off.sql
    │   │   ├── postgresql_log_min_duration_statement_flag_on.sql
    │   │   ├── postgresql_log_min_error_statement_flag_less_error.sql
    │   │   ├── postgresql_log_parser_stats_flag_on.sql
    │   │   ├── postgresql_log_planner_stats_flag_on.sql
    │   │   ├── postgresql_log_statement_stats_flag_on.sql
    │   │   ├── postgresql_log_temp_files_flag_off.sql
    │   │   ├── sqlserver_contained_database_authentication_flag_on.sql
    │   │   ├── sqlserver_cross_db_ownership_chaining_flag_on.sql
    │   │   ├── sqlserver_external_scripts_enabled_flag_on.sql
    │   │   ├── sqlserver_remote_access_flag_on.sql
    │   │   ├── sqlserver_trace_flag_on.sql
    │   │   ├── sqlserver_user_connections_flag_not_set.sql
    │   │   └── sqlserver_user_options_flag_set.sql
    │   └── storage
    │       ├── buckets_publicly_accessible.sql
    │       └── buckets_without_uniform_bucket_level_access.sql
    └── views
        ├── buckets_permissions.sql
        ├── firewall_allowed_rules.sql
        ├── log_metric_filters.sql
        └── project_policy_members.sql
```

Use the following steps to ensure your PR is ready to be reviewed

  • Read the contribution guidelines 🧑‍🎓
  • Test locally on your own infrastructure
  • Run go fmt to format your code 🖊
  • Lint your changes via golangci-lint run 🚨 (install golangci-lint here)
  • Update or add tests 🧪
  • Ensure the status checks below are successful ✅
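As an added illustration (not code from this PR or from the cloudquery project), the snippet below builds an in-memory archive with a small constructed subset of the `plugins/` + `policies/` layout shown above, then reads it back the way a consumer such as the CLI would, checking every entry name before trusting it. The only layout assumption is the one the description states: everything sits under `plugins/` or `policies/`. The entry-name validation (reject absolute paths, `..` components and anything outside those two roots) is a standard precaution for any archive that gets extracted to disk and is this example's addition, not something the PR implements.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path"
	"sort"
	"strings"
)

// sampleEntries is a constructed subset of the layout in the PR description.
var sampleEntries = map[string]string{
	"plugins/source/gcp":                                       "<plugin binary bytes>",
	"policies/README.md":                                       "# GCP policies",
	"policies/policy.sql":                                      "-- top-level policy",
	"policies/cis_v1.2.0/policy.sql":                           "-- CIS v1.2.0 policy",
	"policies/queries/storage/buckets_publicly_accessible.sql": "-- query",
}

// buildZip writes the entries into an in-memory zip in deterministic order.
func buildZip(entries map[string]string) ([]byte, error) {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	names := make([]string, 0, len(entries))
	for n := range entries {
		names = append(names, n)
	}
	sort.Strings(names)
	for _, n := range names {
		f, err := w.Create(n)
		if err != nil {
			return nil, err
		}
		if _, err := f.Write([]byte(entries[n])); err != nil {
			return nil, err
		}
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// allowedRoots are the only top-level directories the release archive may contain
// (assumption taken from the layout in the PR description).
var allowedRoots = []string{"plugins/", "policies/"}

// checkEntryName rejects names that could escape the extraction directory
// (absolute paths, backslashes, ".." components, non-normalised paths) and
// names that fall outside the expected roots.
func checkEntryName(name string) error {
	if name == "" || strings.HasPrefix(name, "/") || strings.Contains(name, `\`) {
		return fmt.Errorf("invalid entry name %q", name)
	}
	clean := path.Clean(name)
	if clean != strings.TrimSuffix(name, "/") || clean == "." || clean == ".." || strings.HasPrefix(clean, "../") {
		return fmt.Errorf("entry %q is not a clean relative path", name)
	}
	for _, root := range allowedRoots {
		if strings.HasPrefix(name, root) {
			return nil
		}
	}
	return fmt.Errorf("entry %q is outside plugins/ and policies/", name)
}

// listPolicies opens the archive, validates every entry name and returns the
// sorted list of policy files (non-directory entries under policies/).
func listPolicies(archive []byte) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	var policies []string
	for _, f := range r.File {
		if err := checkEntryName(f.Name); err != nil {
			return nil, err // one bad entry rejects the whole archive
		}
		if strings.HasPrefix(f.Name, "policies/") && !f.FileInfo().IsDir() {
			policies = append(policies, f.Name)
		}
	}
	sort.Strings(policies)
	return policies, nil
}

func main() {
	archive, err := buildZip(sampleEntries)
	if err != nil {
		panic(err)
	}
	policies, err := listPolicies(archive)
	if err != nil {
		panic(err)
	}
	for _, p := range policies {
		fmt.Println(p)
	}
}
```

Rejecting the whole archive on the first bad entry, rather than skipping it, is deliberate: a release bundle with one unexpected path is better treated as corrupt or tampered than partially installed.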

@erezrokah erezrokah requested review from a team, amanenk and yevgenypats and removed request for a team September 22, 2022 14:01
@yevgenypats
Contributor

I think we can also drop the non-zip artifacts by now as it will save bandwidth and some trees.

@erezrokah
Member Author

> I think we can also drop the non-zip artifacts by now as it will save bandwidth and some trees.

Existing versions of the CLI still use the non-zip artifacts, so if we drop them now they'll stop working, and we don't have a version that supports zipped entries released (yet).

@erezrokah erezrokah added the automerge label (Automatically merge once required checks pass) Sep 25, 2022
@erezrokah
Member Author

> Existing versions of the CLI still use the non-zip artifacts, so if we drop them now they'll stop working, and we don't have a version that supports zipped entries released (yet).

Ah, actually it doesn't matter: new plugin versions will be incompatible with the new releases anyway.

@kodiakhq kodiakhq bot merged commit c05c4bd into cloudquery:main Sep 25, 2022
@erezrokah erezrokah deleted the feat/zip_policies_with_plugins branch September 25, 2022 07:19
yevgenypats pushed a commit that referenced this pull request Sep 26, 2022