bug: incorrect CIS version selection for RKE 1.28+

[afdesk]

Description

Currently, kube-bench does not correctly determine the appropriate CIS version for RKE versions greater than 1.27. The selection logic is limited to platform.Version: 1.23-1.27:

kube-bench/cmd/util.go

Lines 522 to 538 in a38a3c5

	case "rancher":
	switch platform.Version {
	case "1.23":
	return "rke-cis-1.23"
	case "1.24":
	return "rke-cis-1.24"
	case "1.25", "1.26", "1.27":
	return "rke-cis-1.7"
	}
	case "rke2r":
	switch platform.Version {
	case "1.23":
	return "rke2-cis-1.23"
	case "1.24":
	return "rke2-cis-1.24"
	case "1.25", "1.26", "1.27":
	return "rke2-cis-1.7"

while newer versions default to predefined mappings:

Kubernetes 1.28-1.29 → CIS 1.9
Kubernetes 1.30-1.31 → CIS 1.10

kube-bench/cfg/config.yaml

Lines 284 to 287 in 2de22f8

	"1.28": "cis-1.9"
	"1.29": "cis-1.9"
	"1.30": "cis-1.10"
	"1.31": "cis-1.10"

This approach may not always be accurate, and we should handle such cases more gracefully

Proposed Solution
We should check for a latest CIS benchmark for the latest RKE versions.

[andypitcher]

Hey @afdesk RKE1 will be EOL in end of July 2025. The last version for RKE1 is and will be RKE-CIS-1.8, as we chose to pursue CIS only for RKE2 and K3S.