feat: [container] add SecurityPostureConfig Enterprise vuln mode to allow customers to enable Advanced Vulnerability Scanning for their clusters (#4666)

* feat: add SecurityPostureConfig Enterprise vuln mode to allow customers to enable Advanced Vulnerability Scanning for their clusters

---
docs: deprecate ProtectConfig fields in alpha and beta, with SecurityPostureConfig as the intended replacement
PiperOrigin-RevId: 565696375

Source-Link: googleapis/googleapis@304bf75

Source-Link: googleapis/googleapis-gen@e42f451
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiZTQyZjQ1MTI5YmNkOTVhNDhmOWY0NzgxYjFlNjRjYWIyZjZjYWE3YiJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

packages/google-container/protos/google/container/v1beta1/cluster_service.proto

@@ -832,6 +832,12 @@ message NodeConfig {
   // HostMaintenancePolicy contains the desired maintenance policy for the
   // Google Compute Engine hosts.
   HostMaintenancePolicy host_maintenance_policy = 44;
+
+  // Optional. Enable confidential storage on Hyperdisk.
+  // boot_disk_kms_key is required when enable_confidential_storage is true.
+  // This is only available for private preview.
+  bool enable_confidential_storage = 46
+      [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Specifies options for controlling advanced machine features.
@@ -2185,8 +2191,9 @@ message Cluster {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NodePoolAutoConfig node_pool_auto_config = 136;
 
+  // Deprecated: Use SecurityPostureConfig instead.
   // Enable/Disable Protect API features for the cluster.
-  optional ProtectConfig protect_config = 137;
+  optional ProtectConfig protect_config = 137 [deprecated = true];
 
   // This checksum is computed by the server based on the value of cluster
   // fields, and may be sent on update requests to ensure the client has an
@@ -2282,6 +2289,10 @@ message SecurityPostureConfig {
 
     // Applies basic vulnerability scanning on the cluster.
     VULNERABILITY_BASIC = 2;
+
+    // Applies the Security Posture's vulnerability on cluster Enterprise level
+    // features.
+    VULNERABILITY_ENTERPRISE = 3;
   }
 
   // Sets which mode to use for Security Posture features.
@@ -2509,8 +2520,9 @@ message ClusterUpdate {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NetworkTags desired_node_pool_auto_config_network_tags = 110;
 
+  // Deprecated: Use DesiredSecurityPostureConfig instead.
   // Enable/Disable Protect API features for the cluster.
-  optional ProtectConfig desired_protect_config = 112;
+  optional ProtectConfig desired_protect_config = 112 [deprecated = true];
 
   // The desired config of Gateway API on this cluster.
   GatewayAPIConfig desired_gateway_api_config = 114;