terraform-aws-waf
Add "Doesn't match the statement (NOT)" rule
Describe the Feature
When building WAF rules in AWS, it's possible to specify "Doesn't match the statement (NOT)".
This module only seems to support matches.
Expected Behavior
Being able to supply a rule that only runs when a statement is not matched.
E.g. "Does not originate from a country"
Use Case
It would allow supplying a list of countries to allow requests from, whilst blocking requests from countries that are not specified.
Describe Ideal Solution
A "does not match" statement
Alternatives Considered
No response
Additional Context
I can't use a block list against countries because it is too large and I get the following error:
'rules.6.member.statement.geoMatchStatement.countryCodes' failed to satisfy constraint: Member must have length less than or equal to 50"
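
For reference, the requested behaviour written against the AWS provider's `aws_wafv2_web_acl` resource directly, with a `not_statement` wrapping a `geo_match_statement`. This is an added example, not code from this module or from the issue author; the resource name, rule name, metric names, scope and country codes are constructed placeholders.

```hcl
# Added example: block every request that does NOT originate from an
# allowed country, using the raw AWS provider resource (not this module).
resource "aws_wafv2_web_acl" "geo_allowlist_example" {
  name  = "geo-allowlist-example" # placeholder name
  scope = "REGIONAL"              # assumed scope; use "CLOUDFRONT" for CloudFront

  # Requests that no rule acts on are allowed through.
  default_action {
    allow {}
  }

  rule {
    name     = "block-outside-allowed-countries" # placeholder name
    priority = 1

    action {
      block {}
    }

    statement {
      # NOT inverts the nested statement: the rule matches when the
      # request's country is not in the list below.
      not_statement {
        statement {
          geo_match_statement {
            # Allow list. A single geo match statement accepts at most
            # 50 country codes (the constraint in the error quoted above),
            # so the short allow list fits where the long block list did not.
            country_codes = ["GB", "IE"] # constructed sample values
          }
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-outside-allowed-countries"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "geo-allowlist-example"
    sampled_requests_enabled   = true
  }
}
```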