Currently, policy-controller lets you inline Rego/CUE policies. The alpha Validating Admission Policies use CEL (which is really quite simple/fast) to validate resources.

Would it be worthwhile to add support for CEL here? It would be useful in combination with checks on attestations/signatures (which the upstream feature can't) .