fix(azure): accept cilium as a valid AKS network_policy#8066

Open
arpitjain099 wants to merge 1 commit into Checkmarx:master from arpitjain099:fix/aks-network-policy-cilium

Conversation

@arpitjain099


Closes #7297

Problem

The AKS Network Policy Misconfigured query (terraform/azure/aks_network_policy_misconfigured) only accepts azure and calico as valid values for network_profile.network_policy. Azure AKS also supports cilium as a network policy (the Azure CNI powered by Cilium / Cilium data plane), so a cluster configured with network_policy = "cilium" is reported as an IncorrectValue result. That is a false positive, as raised in #7297.

Fix

  • Add validPolicy("cilium") = true so cilium is no longer flagged as an incorrect value.
  • Update the two keyExpectedValue messages from "should be either 'azure' or 'calico'" to "should be either 'azure', 'calico' or 'cilium'" so the guidance matches what the query now accepts.
  • Add a negative sample (negative3) to test/negative.tf using network_policy = "cilium" to lock in the expected behaviour.

The existing positive samples are unchanged: an invalid value (network_policy = "roxanne") is still flagged, and the missing-attribute / missing-network_profile cases still flag, so the only behavioural change is that cilium stops being reported.

Testing

Ran locally against master:

go test ./test/ -run 'TestQueries$/terraform/azure/aks_network_policy_misconfigured'
go test ./test/ -run 'TestQueriesContent/^aks_network_policy_misconfigured$'
go test ./test/ -run 'TestQueriesMetadata/^aks_network_policy_misconfigured$'

All pass. As a regression check I reverted only the query.rego change while keeping the new cilium negative sample, and the query test failed (the cilium cluster was reported as IncorrectValue), confirming the new sample actually exercises the fix.

Reference

Azure docs list cilium as a supported network_policy value for AKS (Azure CNI powered by Cilium): https://learn.microsoft.com/en-us/azure/aks/azure-cni-powered-by-cilium

azurerm_kubernetes_cluster supports 'cilium' as a network_policy value
(via the Azure CNI Overlay / Cilium data plane), alongside 'azure' and
'calico'. The AKS Network Policy Misconfigured query only treated 'azure'
and 'calico' as valid, so a cluster configured with network_policy =
"cilium" was reported as an incorrect value (a false positive).

Add 'cilium' to validPolicy, update the two keyExpectedValue messages to
list it, and add a negative test case (negative3) using cilium.

Signed-off-by: arpitjain099 <arpitjain099@gmail.com>
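To make the behavioural change concrete, here is an added Python model of the check described above. It is not the KICS query's Rego nor any code from this PR; it is a hypothetical re-implementation that evaluates parsed `azurerm_kubernetes_cluster` blocks (as dicts) against a set of accepted `network_policy` values, reports the same three outcomes the description lists (missing `network_profile`, missing `network_policy`, incorrect value), and runs the same constructed samples against the pre-fix and post-fix value sets so the cilium false positive is visible. The sample names `positive1`..`negative3`, the `Finding` type and the message wording are assumptions for the example.

```python
from dataclasses import dataclass

# Assumption: these sets mirror the query's validPolicy table before and after #8066.
VALID_POLICY_BEFORE = frozenset({"azure", "calico"})
VALID_POLICY_AFTER = frozenset({"azure", "calico", "cilium"})


@dataclass(frozen=True)
class Finding:
    resource: str      # name of the azurerm_kubernetes_cluster resource
    issue_type: str    # "MissingAttribute" or "IncorrectValue", the KICS result kinds
    search_key: str    # where inside the resource the problem sits
    expected: str      # guidance message shown to the reviewer


def expected_message(valid: frozenset) -> str:
    """Builds the guidance text from the accepted set so it never drifts from the check."""
    quoted = ", ".join(f"'{v}'" for v in sorted(valid))
    return f"'network_profile.network_policy' should be one of {quoted}"


def check_network_policy(clusters: dict, valid: frozenset = VALID_POLICY_AFTER) -> list:
    """Evaluate each cluster block; one Finding per misconfiguration, none for compliant blocks."""
    findings = []
    for name, attrs in clusters.items():
        key = f"azurerm_kubernetes_cluster[{name}]"
        profile = attrs.get("network_profile")
        if not isinstance(profile, dict):
            # The whole network_profile block is absent.
            findings.append(Finding(name, "MissingAttribute", key,
                                    "'network_profile' should be defined"))
            continue
        policy = profile.get("network_policy")
        if policy is None:
            # network_profile exists but network_policy is not set.
            findings.append(Finding(name, "MissingAttribute", key + ".network_profile",
                                    expected_message(valid)))
        elif policy not in valid:
            # network_policy is set to something outside the accepted set.
            findings.append(Finding(name, "IncorrectValue",
                                    key + ".network_profile.network_policy",
                                    expected_message(valid)))
    return findings


# Constructed samples modelled on the PR's description of the test fixtures.
SAMPLE_CLUSTERS = {
    "positive1": {"network_profile": {"network_plugin": "azure", "network_policy": "roxanne"}},
    "positive2": {"network_profile": {"network_plugin": "azure"}},
    "positive3": {"dns_prefix": "example"},
    "negative1": {"network_profile": {"network_plugin": "azure", "network_policy": "azure"}},
    "negative2": {"network_profile": {"network_plugin": "azure", "network_policy": "calico"}},
    "negative3": {"network_profile": {"network_plugin": "azure", "network_policy": "cilium"}},
}


def flagged(valid: frozenset) -> list:
    """Sorted names of the sample clusters the check reports for a given accepted set."""
    return sorted(f.resource for f in check_network_policy(SAMPLE_CLUSTERS, valid))


if __name__ == "__main__":
    print("before fix:", flagged(VALID_POLICY_BEFORE))
    print("after fix: ", flagged(VALID_POLICY_AFTER))
    for f in check_network_policy(SAMPLE_CLUSTERS):
        print(f.issue_type, f.search_key, "-", f.expected)
```

Running it shows `negative3` flagged only with the pre-fix set, which is the regression the new negative sample is meant to catch; the three positive samples are reported under both sets, matching the claim that the only behavioural change is cilium no longer being reported.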


Development

Successfully merging this pull request may close these issues.

bug(azure): cilium is missing in network_policy from Azure AKS resource
