genpolicy: add easy way to allow CloseStdinRequest

For example, Kata CI's k8s-copy-file.bats transfers files between the
Host and the Guest using "kubectl exec", and that results in
CloseStdinRequest being called from the Host.

Signed-off-by: Dan Mihai <dmihai@microsoft.com>

src/tools/genpolicy/genpolicy-settings.json

@@ -299,6 +299,7 @@
             "commands": [],
             "regex": []
         },
+        "CloseStdinRequest": false,
         "ReadStreamRequest": false,
         "WriteStreamRequest": false
     }

src/tools/genpolicy/rules.rego

@@ -1143,6 +1143,10 @@ ExecProcessRequest {
     print("ExecProcessRequest 3: true")
 }
 
+CloseStdinRequest {
+    policy_data.request_defaults.CloseStdinRequest == true
+}
+
 ReadStreamRequest {
     policy_data.request_defaults.ReadStreamRequest == true
 }

src/tools/genpolicy/src/policy.rs

@@ -324,6 +324,9 @@ pub struct RequestDefaults {
     /// Commands allowed to be executed by the Host in all Guest containers.
     pub ExecProcessRequest: ExecProcessRequestDefaults,
 
+    /// Allow the Host to close stdin for a container. Typically used with WriteStreamRequest.
+    pub CloseStdinRequest: bool,
+
     /// Allow Host reading from Guest containers stdout and stderr.
     pub ReadStreamRequest: bool,