Parliament

Latest version: v1.6.2


Page 7 of 7

0.3.2

- Resource mismatches are now aggregated into a single finding, so granting s3:* on a bucket produces one finding instead of one for each s3 action. The `detail` element will include each of these actions and the required resource, which will make that element very long, especially if you were to grant all actions via `*`.
- Unknown action and unknown prefix findings are now their own finding types, as opposed to causing exceptions.
- The filepath is now given when checking a single file.
- Filtering by severity will now correctly exit with an exit code of 0 if there are findings but they are all filtered.
- A policy with no Version element is now allowed and is marked as a Low finding.

0.3.1

- Returns non-zero exit codes when issues are found
- Allows for json output
- Finding types are now stored in a config file (eventually this config file will be exposed so you can mute findings as needed) https://github.com/duo-labs/parliament/blob/master/parliament/config.yaml
- The parliament command allows you to specify the minimum severity to be displayed
- There is a local `./bin/parliament` script for testing while developing

Some examples:

```
$ bin/parliament --file test.json
...
MEDIUM - No resources match for the given action - No resources match for s3:UpdateJobStatus which requires a resource format of arn:*:s3:*:*:job/* for the resource job* - {'filepath': None}
$ bin/parliament --file test.json --json
...
{"issue": "RESOURCE_MISMATCH", "title": "No resources match for the given action", "severity": "MEDIUM", "description": "", "detail": "No resources match for s3:UpdateJobStatus which requires a resource format of arn:*:s3:*:*:job/* for the resource job*", "location": {"filepath": null}}
```
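The following is an added example, not parliament's own code: a small CI gate that reads `--json` output in the shape shown above and reproduces the exit-code behaviour described in 0.3.1 and 0.3.2 (non-zero when findings remain, 0 when all findings are filtered out by severity). It assumes one JSON object per output line; the `HIGH` severity, the fail-closed handling of unrecognised severities, and the function names are assumptions of this example.

```python
import json
import sys

# Rank of each severity. LOW and MEDIUM appear on this page; HIGH is assumed.
RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}
FAIL_CLOSED = max(RANK.values()) + 1  # unrecognised severities rank above all


def parse_findings(output):
    """Parse `--json` output, assuming one JSON object per line."""
    findings = []
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # skip blank lines and non-JSON text such as "..."
        finding = json.loads(line)  # raises ValueError on a truncated line
        for key in ("issue", "severity", "detail"):
            if key not in finding:
                raise ValueError("finding is missing %r: %s" % (key, line))
        findings.append(finding)
    return findings


def gate(findings, minimum="MEDIUM"):
    """Return (exit_code, kept): 0 when every finding is below `minimum`."""
    threshold = RANK[minimum.upper()]
    kept = [f for f in findings
            if RANK.get(str(f["severity"]).upper(), FAIL_CLOSED) >= threshold]
    return (1 if kept else 0), kept


# The first JSON line is the finding shown above; the other two are
# constructed samples (their issue names are placeholders, not real IDs).
SAMPLE = "\n".join([
    "...",
    '{"issue": "RESOURCE_MISMATCH", "title": "No resources match for the given action", "severity": "MEDIUM", "description": "", "detail": "No resources match for s3:UpdateJobStatus which requires a resource format of arn:*:s3:*:*:job/* for the resource job*", "location": {"filepath": null}}',
    '{"issue": "EXAMPLE_LOW", "title": "Constructed sample", "severity": "LOW", "description": "", "detail": "constructed", "location": {"filepath": "test.json"}}',
    '{"issue": "EXAMPLE_UNKNOWN_SEVERITY", "title": "Constructed sample", "severity": "SEVERE", "description": "", "detail": "constructed", "location": {"filepath": "test.json"}}',
])

if __name__ == "__main__":
    code, kept = gate(parse_findings(SAMPLE), "MEDIUM")
    for f in kept:
        print("%s - %s - %s" % (f["severity"], f["issue"], f["detail"]))
    sys.exit(code)
```
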

0.2.7

- Updates IAM privileges.
- Makes unit tests use Python 3

0.2.6

- Improved doc spidering from kmcquade
- Sid checking from santoshankr
- Updated IAM definition

0.2.5

Updated IAM definition.


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.