Cfripper

Additions
- All rules now support filter contexts!
Improvements
- Update `WildcardResourceRule` to allow for certain resources to be excluded.

Bugfix
- `GenericWildcardPrincipalRule` to ignore account IDs where full or partial wildcard is required in the Principal.
These accounts should be AWS Service Accounts defined in the config.
- Fix CLI flag `--rules-config-file`
Improvements
- Update `ResourceSpecificRule` to allow for certain resources to be excluded. In particular, the
`PrivilegeEscalationRule` will now no longer be invoked for `S3BucketPolicy` resources.
- Add rules config for Kinesis Data Firehose IPs that can be applied

Improvements
- Add more X-Ray permissions that accept wildcard resource only
- CLI handles case of empty template by returning appropriate exception message
- CLI now returns exit code 2 for scenarios where CFRipper finds a template violating any of the rules

Breaking changes
- Rule config files using filters must now use `ingress_obj` and not `ingress`.
Additions
- Rules using IP Address Ranges now export both `ingress_obj` and `ingress_ip` filter fields.
- Add support to load an external rules configuration file

Breaking changes
- Classes inheriting from `ResourceSpecificRule` now must allow an `extra` field in the `resource_invoke` function
Improvements
- Improved context data for `BaseDangerousPolicyActions` and classes inheriting from it
Bugfix
- `CrossAccountCheckingRule` did not check properly for calculated mock fields.

Improvements
- Add SNS actions that only allow wildcards