
DAST scan rules added to `DAST_EXCLUDE_RULES` are shown as PASS in the logs.

Summary

When DAST_EXCLUDE_RULES is used to exclude scan rules from running, the logs still show those rules as having run, indicated as PASS. This can confuse a user who consults the logs, since it gives the wrong impression that the disabled rules were run even though they were not.

Steps to reproduce

  1. Set
     variables:
       DAST_EXCLUDE_RULES: "10048"
  2. In the logs it shows
     PASS: Remote Code Execution - Shell Shock [10048]

Example Project

https://gitlab.com/gitlab-org/gitlab/-/jobs/648092551

What is the current bug behavior?

Scan rules excluded from running via DAST_EXCLUDE_RULES are shown as run in the log, e.g. PASS: Remote Code Execution - Shell Shock [10048]

What is the expected correct behavior?

Scan rules excluded from running via DAST_EXCLUDE_RULES should be indicated as SKIP in the log, since they are not executed, e.g. SKIP: Remote Code Execution - Shell Shock [10048]

Implementation Plan

  • The name of the policy used to return the active scan rules should not be hardcoded
  • Add an end-to-end test to verify that the passive and active scan rules logged are correct
  • Filter rules by those that are active (if necessary) before printing to the log
  • Ensure that excluded passive and active scan rules are not printed in the log
  • Show skipped rules in the log
  • Refactor ExecutedRules to Rules, ExecutedRule to Rule, printer.ExecutedRules to services.Summary
  • Add a changelog entry
  • Passive scan rules that are skipped should be logged as such in the log file, for example, 10027 in the test_webgoat_full_scan
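The following is an added illustration of the reported behaviour and the expected fix, not the DAST analyzer's own code: the Rule type, parseExcludeRules, summaryLines and checkLog are hypothetical names, the exclusion list is assumed to be the comma-separated form of DAST_EXCLUDE_RULES, and the rule named "Example Passive Rule" is a constructed sample. summaryLines with showSkipped=false reproduces the bug (an excluded rule printed as PASS), showSkipped=true prints it as SKIP, and checkLog is the check a log consumer can run to detect a PASS line for a rule that was excluded.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is a hypothetical stand-in for one DAST (ZAP) scan rule: id plus name.
type Rule struct {
	ID   string
	Name string
}

// parseExcludeRules turns a DAST_EXCLUDE_RULES value such as "10048,10027"
// into a lookup set; whitespace and empty entries are ignored.
func parseExcludeRules(value string) map[string]bool {
	excluded := map[string]bool{}
	for _, id := range strings.Split(value, ",") {
		if id = strings.TrimSpace(id); id != "" {
			excluded[id] = true
		}
	}
	return excluded
}
// summaryLines renders the summary. showSkipped=false reproduces the reported bug
// (excluded rules printed as PASS); showSkipped=true prints them as SKIP instead.
func summaryLines(rules []Rule, excluded map[string]bool, showSkipped bool) []string {
	lines := make([]string, 0, len(rules))
	for _, r := range rules {
		status := "PASS"
		if showSkipped && excluded[r.ID] {
			status = "SKIP"
		}
		lines = append(lines, fmt.Sprintf("%s: %s [%s]", status, r.Name, r.ID))
	}
	return lines
}

// checkLog is a consumer-side check over emitted summary lines: it reports any
// excluded rule that the log nevertheless presents as PASS.
func checkLog(lines []string, excluded map[string]bool) error {
	re := regexp.MustCompile(`^(PASS|SKIP): .* \[(\d+)\]$`)
	for _, l := range lines {
		if m := re.FindStringSubmatch(l); m != nil && m[1] == "PASS" && excluded[m[2]] {
			return fmt.Errorf("excluded rule %s reported as PASS: %q", m[2], l)
		}
	}
	return nil
}
```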
Edited by Cameron Swords