[cis-hardening] Fix `--install-kubebench` flag

[bschimke95]

The --install-kubebench flag is defined without a specific type which let click interpret it as string. The check of this flag expected a boolean (if install_kubebench:...) which caused --install-kubebench="false" to be evaluated to True.

This commit fixes that issue and evaluates the flag correctly. However, we can not simply change the flag type to boolean as this would break the current workaround for this issue (--install_kubebench=""). Thus, we maintain the string type for this flag for backward-compatibility.

[neoaggelos]

I don't think it would hurt to add the --skip-kubebench-installation flag here as well

[bschimke95]

I don't have a strong opinion on that one and can add the --skip-kubebench-installation commit to 1.28 as well.

However, one thing to consider is that with this commit we also mark the --install-kubebench flag as hidden which is a behavior we may not like to backport. WDYT?

[ktsakalozos]

Ok, lets add the extra argument and mark the current one as hidden. As long as we do not break backwards compatibility we are ok.