PSRule.Rules.Azure
Move policy type conditions to pre-conditions
Description of the issue
When an Azure Policy definition includes a resource type condition, the policy effect is simply not applied to resources that do not match that condition.
Consider the example below:
- If the resource type is not a storage account, the policy does not Deny.
In PSRule, the evaluation process works slightly differently. If we do not want a rule to be evaluated for an object, the object needs to be filtered out using a pre-condition. Otherwise the rule is evaluated, and the outcome of its condition determines whether the rule returns Pass or Fail.
Again in the example below, the type check is part of the rule condition rather than a pre-condition, so for any resource that is not a storage account the condition is false and the rule returns Fail. This rule would therefore fail on all resources that are not storage accounts, which is not intended.
To Reproduce
{
    // Synopsis: Minimum TLS version must be used on Storage accounts
    "apiVersion": "github.com/microsoft/PSRule/v1",
    "kind": "Rule",
    "metadata": {
        "name": "Deny Storage Account Not Using Minimum TLS version",
        "tags": {
            "Azure.Policy/category": "Storage"
        },
        "annotations": {
            "Azure.Policy/id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-Account-Not-Using-Minimum-TLS-Version",
            "Azure.Policy/version": "1.0.0"
        }
    },
    "spec": {
        "condition": {
            "allOf": [
                {
                    "field": "type",
                    "equals": "Microsoft.Storage/storageAccounts"
                },
                {
                    "field": "properties.minimumTlsVersion",
                    "notEquals": "TLS1_2"
                }
            ]
        }
    }
}
Expected behaviour
To address this, type conditions should be elevated out of the rule condition into a pre-condition (for example the rule's type pre-condition), so that the rule is not evaluated at all for incompatible resource types instead of failing on them.
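To make the difference in evaluation order concrete, below is a small Python model added for this issue; it is not code from PSRule or PSRule.Rules.Azure. It carries a shortened copy of the exported rule above and a rewritten version that moves the type check into PSRule's type pre-condition. The rewritten rule also states the compliant value (equals TLS1_2) rather than the policy's deny condition (notEquals TLS1_2), because a PSRule condition that evaluates true means Pass; that inversion is my assumption about the intended rule and is separate from the pre-condition point. The evaluator implements only the expression subset these two rules use, and the three sample resources are constructed for the example.

```python
import json
from typing import Any

# Exported rule from the issue (constructed copy, metadata shortened): the type
# check is part of the condition, so non-storage resources make it false -> Fail.
RULE_CONDITION_ONLY = json.loads("""
{
  "apiVersion": "github.com/microsoft/PSRule/v1",
  "kind": "Rule",
  "metadata": { "name": "Deny Storage Account Not Using Minimum TLS version" },
  "spec": {
    "condition": {
      "allOf": [
        { "field": "type", "equals": "Microsoft.Storage/storageAccounts" },
        { "field": "properties.minimumTlsVersion", "notEquals": "TLS1_2" }
      ]
    }
  }
}
""")

# Rewritten rule: the type check is a spec.type pre-condition, and the condition
# states the compliant value (assumption: a true condition means Pass).
RULE_WITH_PRECONDITION = json.loads("""
{
  "apiVersion": "github.com/microsoft/PSRule/v1",
  "kind": "Rule",
  "metadata": { "name": "Storage Account Uses Minimum TLS version" },
  "spec": {
    "type": [ "Microsoft.Storage/storageAccounts" ],
    "condition": {
      "field": "properties.minimumTlsVersion",
      "equals": "TLS1_2"
    }
  }
}
""")


def get_field(obj: dict, path: str) -> Any:
    """Resolve a dotted path such as properties.minimumTlsVersion; missing -> None."""
    cur: Any = obj
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def evaluate_expression(expr: dict, obj: dict) -> bool:
    """Model of the expression subset used above: allOf, anyOf, not, equals, notEquals."""
    if "allOf" in expr:
        return all(evaluate_expression(e, obj) for e in expr["allOf"])
    if "anyOf" in expr:
        return any(evaluate_expression(e, obj) for e in expr["anyOf"])
    if "not" in expr:
        return not evaluate_expression(expr["not"], obj)
    value = get_field(obj, expr["field"])
    if "equals" in expr:
        return value == expr["equals"]
    if "notEquals" in expr:
        return value != expr["notEquals"]
    raise ValueError(f"unsupported expression: {expr}")


def evaluate_rule(rule: dict, obj: dict) -> str:
    """Model of the evaluation order: pre-conditions filter first, then the
    condition decides Pass or Fail. Returns 'None' when the type pre-condition
    excludes the object, i.e. the rule is not evaluated for it at all."""
    spec = rule["spec"]
    allowed_types = spec.get("type")
    if allowed_types is not None and obj.get("type") not in allowed_types:
        return "None"
    return "Pass" if evaluate_expression(spec["condition"], obj) else "Fail"


# Constructed sample resources: compliant and non-compliant storage accounts, plus a VNet.
STORAGE_OK = {"name": "stok", "type": "Microsoft.Storage/storageAccounts",
              "properties": {"minimumTlsVersion": "TLS1_2"}}
STORAGE_OLD = {"name": "stold", "type": "Microsoft.Storage/storageAccounts",
               "properties": {"minimumTlsVersion": "TLS1_0"}}
VNET = {"name": "vnet1", "type": "Microsoft.Network/virtualNetworks", "properties": {}}


def results(rule: dict) -> dict:
    """Outcome per sample resource for one rule, keyed by resource name."""
    return {r["name"]: evaluate_rule(rule, r) for r in (STORAGE_OK, STORAGE_OLD, VNET)}


if __name__ == "__main__":
    print("condition only:    ", results(RULE_CONDITION_ONLY))
    print("with pre-condition:", results(RULE_WITH_PRECONDITION))
```

With the condition-only rule the VNet is reported as Fail, which is the behaviour the issue describes; with the pre-condition the VNet is never evaluated (reported here as None) and only storage accounts get a Pass or Fail. The run also shows why the exported condition needs inverting: under the condition-only rule the compliant storage account fails and the TLS1_0 one passes.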