Cfripper

Improvements
- Decrease logging level when loading external filters
- Decrease logging level on known AWS errors such as AccessDenied when listing exports and
throttling errors on getting a template from AWS CloudFormation.

Breaking changes
- `Filter` include the set of rules in which it is applied.
- `RuleConfig` only contains `rule_mode` and `risk_value` now.
- Removes old whitelisting methods in favour of Filters
- Rename `RuleMode.WHITELISTED` to `RuleMode.ALLOWED`, and all `whitelist` word in strings.
- Add debug flag to `Filter` class.
Improvements
- Implements `pluggy` https://github.com/pytest-dev/pluggy to enable dynamic rule loading.
- Add support to load filters from external files

Additions
- All rules now support filter contexts!
Improvements
- Update `WildcardResourceRule` to allow for certain resources to be excluded.

Bugfix
- `GenericWildcardPrincipalRule` to ignore account IDs where full or partial wildcard is required in the Principal.
These accounts should be AWS Service Accounts defined in the config.
- Fix CLI flag `--rules-config-file`
Improvements
- Update `ResourceSpecificRule` to allow for certain resources to be excluded. In particular, the
`PrivilegeEscalationRule` will now no longer be invoked for `S3BucketPolicy` resources.
- Add rules config for Kinesis Data Firehose IPs that can be applied

Improvements
- Add more X-Ray permissions that accept wildcard resource only
- CLI handles case of empty template by returning appropriate exception message
- CLI now returns exit code 2 for scenarios where CFRipper finds a template violating any of the rules

Breaking changes
- Rule config files using filters must now use `ingress_obj` and not `ingress`.
Additions
- Rules using IP Address Ranges now export both `ingress_obj` and `ingress_ip` filter fields.
- Add support to load an external rules configuration file