pycfmodel

False Positives with Deny Actions in IAM Policy

Open marcsantamaria-sky opened this issue 1 year ago • 1 comments

There can be false positives in CFRipper when an IAM policy has specific Actions with Deny Effect.

The issue seems to be caused because in "policy_document.py" the Denys are not taken into account.

The function "allowed_actions_with" is not excluding actions that have a Deny Effect.

https://github.com/Skyscanner/pycfmodel/blob/6a8f3d1d6b56bb0c1bf368f80cda0f330143d447/pycfmodel/model/resources/properties/policy_document.py#L54-L68

marcsantamaria-sky, Jun 27 '23 15:06
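
A self-contained sketch of the behaviour reported above, added here as an illustration and not taken from pycfmodel or CFRipper: it compares an Allow-only action listing with one that subtracts explicit Denies. The function names, the sample policy and the small action catalogue are constructed for the example. It assumes an identity-based policy and treats only an unconditional Deny on Resource `*` as cancelling an Allow, since a conditional or resource-scoped Deny still leaves the action reachable in some cases.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample policy: broad Allow, explicit Deny on destructive calls.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["s3:DeleteBucket", "s3:DeleteObject*"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:PutBucketPolicy", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

# Constructed catalogue of known actions (a real tool would ship the full list).
KNOWN_ACTIONS = [
    "s3:GetObject", "s3:DeleteBucket", "s3:DeleteObject",
    "s3:DeleteObjectVersion", "s3:PutBucketPolicy",
]
RISKY = re.compile(r"^s3:(Delete|Put)")  # constructed pattern for the demo

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _expand(statement):
    """Known actions matched by the statement's Action patterns (case-insensitive)."""
    pats = [p.lower() for p in _as_list(statement.get("Action", []))]
    return {a for a in KNOWN_ACTIONS if any(fnmatchcase(a.lower(), p) for p in pats)}

def naive_allowed_actions(policy, pattern):
    """Allow-only view, as the issue describes: Deny statements are ignored."""
    allowed = set()
    for st in policy["Statement"]:
        if st["Effect"] == "Allow":
            allowed |= _expand(st)
    return sorted(a for a in allowed if pattern.match(a))

def deny_aware_allowed_actions(policy, pattern):
    """Drop actions covered by an unconditional Deny that applies to every resource."""
    denied = set()
    for st in policy["Statement"]:
        unconditional = "Condition" not in st and "*" in _as_list(st.get("Resource", []))
        if st["Effect"] == "Deny" and unconditional:
            denied |= _expand(st)
    return [a for a in naive_allowed_actions(policy, pattern) if a not in denied]
```

The conditional Deny on `s3:PutBucketPolicy` is deliberately not subtracted, so that action is still reported.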