Decouple the remaining EXO Shall/Should policies #1095

Open
wants to merge 24 commits into
base: main

buidav
Collaborator

@buidav buidav commented May 14, 2024

🗣 Description

  • This PR decouples the remaining baseline policies that had a SHALL AND SHOULD within the same policy statement into their own separate policies.
  • Adds Rego and functional unit tests for those new policies.

Policies broken up:

  • MS.EXO.8.1v1
    • A DLP solution SHALL be used. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.
  • MS.EXO.8.2v1
    • The DLP solution SHALL protect PII and sensitive information, as defined by the agency. At a minimum, the sharing of credit card numbers, Taxpayer Identification Numbers (TIN), and Social Security Numbers (SSN) via email SHALL be restricted.
  • MS.EXO.9.1v1
    • Emails SHALL be filtered by the file types of included attachments. The selected filtering solution SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.
  • MS.EXO.9.3v1
    • Disallowed file types SHALL be determined and set. At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).
  • MS.EXO.14.1v1
    • A spam filter SHALL be enabled. The filtering solution selected SHOULD offer services comparable to the native spam filtering offered by Microsoft.

💭 Motivation and context

Closes #524

🧪 Testing

  • Run ScubaGear and look at the report.
  • Run the EXO Rego unit tests.
  • Run the EXO Test Plan.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!
  • Changes are sized such that they do not touch an excessive number of files.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • These code changes follow the ScubaGear content style guide.
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • Unit tests added/updated to cover PowerShell and Rego changes.
  • Functional tests added/updated to cover PowerShell and Rego changes.
  • All relevant functional tests passed.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.

@buidav buidav added the baseline-document Issues relating to the text in the baseline documents themselves label May 14, 2024
@buidav buidav added this to the Halibut milestone May 14, 2024
@buidav buidav self-assigned this May 14, 2024
@buidav buidav linked an issue May 14, 2024 that may be closed by this pull request
@buidav buidav requested review from schrolla and adhilto May 16, 2024 00:52
@buidav buidav force-pushed the 524-decouple-exo-shallshould-policies branch from aff914f to 0d41049 Compare May 16, 2024 00:53
@buidav buidav marked this pull request as ready for review May 16, 2024 00:53
@adhilto
Collaborator

adhilto commented May 16, 2024

Looks like MS.EXO.9.3v1 might have been overlooked.

@buidav
Collaborator Author

buidav commented May 16, 2024

Looks like MS.EXO.9.3v1 might have been overlooked.

Addressed.

Collaborator

@schrolla schrolla left a comment


Some minor comments about wording changes and some suggestions to better inform users when using third-party tools.

Five resolved review threads on PowerShell/ScubaGear/baselines/exo.md (three marked Outdated).
buidav and others added 3 commits May 23, 2024 15:30
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>
@buidav buidav modified the milestones: Halibut, Iceberg May 30, 2024
Successfully merging this pull request may close these issues.

Decouple the remaining EXO mixed Shall/Should Policies
3 participants