Conversation


@marksokolov-orca marksokolov-orca commented Sep 29, 2025

  • OpenAPI: Improve global security field detection with operation-level security checks
  • ServerlessFW/SAM: Add contextual intelligence for IAM role requirements
  • S3 Bucket: Add intentional public bucket detection for Terraform/CloudFormation
  • Variable Description: Focus on complex/sensitive variables only
  • Snake Case: Exclude external modules and legitimate naming exceptions
  • K8s Namespace: Distinguish user workloads from system components
  • Documentation: Enhanced rule comments with security rationale and compliance alignment

Reason for Proposed Changes

  • Reduce false positives in KICS security rules by adding contextual intelligence
  • Improve rule accuracy to focus on genuine security vulnerabilities
  • Enhance developer experience by reducing noise from legitimate use cases
  • Align rules with modern cloud security best practices and industry standards
  • Maintain security coverage while being more precise in detection logic

Proposed Changes

  • OpenAPI Global Security Field: Enhanced to only flag when both global security is missing AND operations lack security
  • ServerlessFW/SAM IAM Role: Added contextual analysis for functions requiring different permissions
  • S3 Bucket Public Policy: Added detection for intentional public buckets (websites, CDNs) to reduce false positives
  • Variable Description: Focused on complex/sensitive variables only, excluding simple self-explanatory ones
  • Snake Case Naming: Added exceptions for external modules and legitimate naming patterns
  • Kubernetes Namespace: Distinguished between user workloads and system components
  • Test Coverage: Added comprehensive negative test cases and updated expected results
  • Documentation: Enhanced rule comments with security rationale and compliance alignment

I submit this contribution under the Apache-2.0 license.

- OpenAPI: Improve global security field detection with operation-level security checks
- ServerlessFW/SAM: Add contextual intelligence for IAM role requirements
- S3 Bucket: Add intentional public bucket detection for Terraform/CloudFormation
- Variable Description: Focus on complex/sensitive variables only
- Snake Case: Exclude external modules and legitimate naming exceptions
- K8s Namespace: Distinguish user workloads from system components
- Volume Mount: Revert to original broader detection (as requested)

All rules now provide enhanced contextual intelligence while maintaining security coverage.
Tests updated and validated for all modified rules.
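The refined OpenAPI check described in the proposed changes (report only when global security is missing AND an operation also lacks its own) as an added Python example; this is not KICS's Rego query, and the sample specs and function names are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample specs (not the PR's test fixtures).
# 1) No global `security`, but every operation declares its own: the old
#    logic reports this, the refined logic does not (false positive removed).
SPEC_OP_LEVEL = {
    "openapi": "3.0.0",
    "paths": {
        "/orders": {
            "get": {"security": [{"apiKey": []}]},
            "post": {"security": [{"oauth": ["orders:write"]}]},
        }
    },
}
# 2) No global `security` and one operation without any: a genuine finding.
SPEC_MIXED = {
    "openapi": "3.0.0",
    "paths": {
        "/orders": {
            "get": {"security": [{"apiKey": []}]},
            "post": {"responses": {"201": {"description": "created"}}},
        }
    },
}
# 3) Global `security` present: neither version reports anything.
SPEC_GLOBAL = {"openapi": "3.0.0", "security": [{"apiKey": []}],
               "paths": {"/orders": {"get": {}}}}

def operations(spec):
    """Yield ("METHOD /path", operation object) for every operation under `paths`."""
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS and isinstance(op, dict):
                yield f"{method.upper()} {path}", op

def old_check(spec):
    """Pre-PR logic: flag whenever the top-level `security` field is absent or empty."""
    return not spec.get("security")

def new_check(spec):
    """Refined logic: list the operations left unprotected when there is no global
    security. Assumption: an operation counts as unsecured when its own `security`
    key is absent or an empty list. An empty result means no finding."""
    if spec.get("security"):
        return []
    return [name for name, op in operations(spec) if not op.get("security")]
```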
@marksokolov-orca marksokolov-orca requested a review from a team as a code owner September 29, 2025 14:17
@github-actions github-actions bot added labels community (Community contribution), cloudformation (CloudFormation query), terraform (Terraform query), openapi (OpenAPI query), kubernetes (Kubernetes query) Sep 29, 2025
@marksokolov-orca marksokolov-orca changed the title Enhance rule accuracy and reduce false positives enhance rule accuracy and reduce false positives Sep 29, 2025
@marksokolov-orca marksokolov-orca changed the title enhance rule accuracy and reduce false positives feat(queries): enhance rule accuracy and reduce false positives Sep 29, 2025
@github-actions github-actions bot added labels feature request (Community: new feature request), query (New query feature) Sep 29, 2025