aws-guard-rules-registry
feat(rules): add (limited) deprecation rules
- Allow Origin Access Control in addition to Origin Access Identity
- Add rule for Origin Access Identity deprecation
Submitting as draft, because I'm having trouble running tests locally (even on the main branch)
cfn-guard test --rules-file rules/aws/cloudfront/cloudfront_origin_access_identity_enabled.guard --test-data rules/aws/cloudfront/tests/cloudfront_origin_access_identity_enabled_tests.yml
Parse Error on ruleset file Parser Error when parsing Parsing Error Error parsing file rules/aws/cloudfront/cloudfront_origin_access_identity_enabled.guard at line 37 at column 110, when handling , fragment .[
DomainName == /[a-z0-9\.-]{3,63}\.s3\.amazonaws\.com/
S3OriginConfig.OriginAccessIdentity !exists or
S3OriginConfig.OriginAccessIdentity == ""
]
%violations empty
<<
Violation: CloudFront Distributions backed by S3 must be configured with an Origin Access Identity (OAI).
Fix: Set the S3OriginConfig.OriginAccessIdentity property for CloudFront Distribution Origins backed by S3.
>>
}
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
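The rule fragment in the error output above is cfn-guard. As an added example (not the registry's rule and not the PR author's code), the same check re-implemented in plain Python so it can be run against a CloudFormation template without cfn-guard: S3-backed origins with neither an Origin Access Identity nor an Origin Access Control fail, origins still on the legacy OAI mechanism get a deprecation warning, and S3 website endpoints and other custom origins are skipped because neither mechanism applies there. The template, bucket names and identifiers are constructed. Three things go beyond the page and are my assumptions: the domain regex also accepts regional and dualstack REST endpoints (the page's regex only matches `bucket.s3.amazonaws.com`), an intrinsic function (`Ref`, `Fn::GetAtt`, `Fn::Sub`) counts as "set", and an origin that sets both `OriginAccessIdentity` and `OriginAccessControlId` is reported, following the CloudFormation docs' guidance to leave `OriginAccessIdentity` empty when using OAC.

```python
"""Check CloudFront distributions in a CloudFormation template for S3 origins
that lack restricted access (neither OAI nor OAC), and flag legacy OAI usage.

Added example, not the aws-guard-rules-registry rule: it re-implements the
same logic in plain Python so it can be run and tested without cfn-guard.
"""
import json
import re

# Assumption: broader than the page's /[a-z0-9\.-]{3,63}\.s3\.amazonaws\.com/
# so that regional and dualstack REST endpoints (bucket.s3.<region>.amazonaws.com,
# bucket.s3.dualstack.<region>.amazonaws.com) are also recognised as S3 buckets.
S3_DOMAIN_RE = re.compile(r"^[a-z0-9.-]{3,63}\.s3(?:[.-][a-z0-9-]+)*\.amazonaws\.com$")


def _is_set(value):
    """A property counts as set if it is a non-empty literal or an intrinsic
    function (Ref / Fn::GetAtt / Fn::Sub), which a template expresses as a dict."""
    return (isinstance(value, str) and value != "") or isinstance(value, dict)


def is_s3_rest_origin(origin):
    """True for origins CloudFront treats as S3 buckets, where OAI/OAC apply.

    S3 website endpoints (bucket.s3-website-<region>.amazonaws.com) are custom
    origins; OAI/OAC cannot be used on them, so they are deliberately excluded.
    """
    if "S3OriginConfig" in origin:
        return True
    domain = origin.get("DomainName")
    if not isinstance(domain, str):  # !Ref / !GetAtt: cannot classify statically
        return False
    return "s3-website" not in domain and S3_DOMAIN_RE.match(domain) is not None


def check_origin(resource_name, origin):
    """Return a list of (severity, resource, origin_id, message) findings."""
    findings = []
    origin_id = origin.get("Id", "<no Id>")
    if not is_s3_rest_origin(origin):
        return findings
    oai = (origin.get("S3OriginConfig") or {}).get("OriginAccessIdentity")
    oac = origin.get("OriginAccessControlId")
    has_oai, has_oac = _is_set(oai), _is_set(oac)
    if not has_oai and not has_oac:
        findings.append(("FAIL", resource_name, origin_id,
                         "S3-backed origin has neither an Origin Access Identity nor an "
                         "Origin Access Control; set OriginAccessControlId."))
    elif has_oai and has_oac:
        # Assumption from the CloudFormation docs: OriginAccessIdentity must be
        # the empty string when OriginAccessControlId is used.
        findings.append(("FAIL", resource_name, origin_id,
                         "Both OAI and OriginAccessControlId are set; set "
                         "S3OriginConfig.OriginAccessIdentity to \"\"."))
    elif has_oai:
        findings.append(("WARN", resource_name, origin_id,
                         "Origin Access Identity is the legacy mechanism; migrate to "
                         "Origin Access Control (OriginAccessControlId)."))
    return findings


def check_template(template):
    """Run check_origin over every origin of every AWS::CloudFront::Distribution."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::CloudFront::Distribution":
            continue
        config = resource.get("Properties", {}).get("DistributionConfig", {})
        for origin in config.get("Origins", []):
            findings.extend(check_origin(name, origin))
    return findings


# Constructed sample template (JSON form); bucket names and IDs are placeholders.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"Cdn": {"Type": "AWS::CloudFront::Distribution",
  "Properties": {"DistributionConfig": {"Enabled": true, "Origins": [
    {"Id": "LegacyOai", "DomainName": "legacy-bucket.s3.amazonaws.com",
     "S3OriginConfig": {"OriginAccessIdentity": "origin-access-identity/cloudfront/EXAMPLEOAI"}},
    {"Id": "Oac", "DomainName": "assets-bucket.s3.eu-west-1.amazonaws.com",
     "S3OriginConfig": {"OriginAccessIdentity": ""},
     "OriginAccessControlId": {"Fn::GetAtt": ["AssetsOac", "Id"]}},
    {"Id": "Open", "DomainName": "public-bucket.s3.amazonaws.com",
     "S3OriginConfig": {}},
    {"Id": "Website", "DomainName": "site.s3-website-us-east-1.amazonaws.com",
     "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}}
  ]}}}}}
""")

if __name__ == "__main__":
    for severity, resource, origin_id, message in check_template(SAMPLE_TEMPLATE):
        print(f"{severity} {resource}/{origin_id}: {message}")
```

Running it on the sample reports `FAIL Cdn/Open` and `WARN Cdn/LegacyOai`; the OAC origin passes and the website origin is skipped. Note that an origin whose `DomainName` is an intrinsic such as `!GetAtt Bucket.RegionalDomainName` and that has no `S3OriginConfig` cannot be classified statically, which is also why the cfn-guard rule's regex on `DomainName` alone would miss such origins.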
@grolston There is something wrong with the GitHub Actions. There are multiple failures ("Parse Error on ruleset"), but the checks pass.
This includes files I haven't touched in this PR.
@benbridts does PR 232 solve this?
@grolston Depends on what you're asking :)
- GitHub Actions / build seems to be passing, so I should be able to make this a real PR
- The linked PR does not replace this PR (if I read the content correctly)