secrules_parsing

Handling `&` correctly

Open airween opened this issue 2 months ago • 4 comments

Based on this PR it seems that some engines (libmodsecurity3) allow the `&` sign with every variable (e.g. REQUEST_BODY_LENGTH) even if it makes no sense (what about Coraza?). Apache2 reports a weird message: `Error creating rule: The & modificator does not apply to non-collection variables.` but allows `&` in front of REQUEST_BODY although it's not a collection either.

We should decide which way we want to follow: keep the parser as it is now, or make some modifications to make it more strict.

@theseion, @fzipi, @dune73 - what do you think about it?

@M4tteoP, @jptosso - how does Coraza handle this syntax?

airween, Apr 11 '24 08:04
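
The stricter option raised in this issue, sketched as an added example that is not part of the original issue or of secrules_parsing: a Python check that flags `&` on any variable outside a collection list, which is stricter than the Apache2 behaviour described above because it also rejects `&REQUEST_BODY`. `count_misuse`, the partial `COLLECTIONS` set and the sample rules are assumptions made for illustration.

```python
import re

# Assumption: a partial, hand-picked set of ModSecurity collection variables.
COLLECTIONS = {
    "ARGS", "ARGS_GET", "ARGS_POST", "ARGS_NAMES", "FILES", "FILES_NAMES",
    "REQUEST_COOKIES", "REQUEST_COOKIES_NAMES", "REQUEST_HEADERS",
    "REQUEST_HEADERS_NAMES", "RESPONSE_HEADERS", "TX", "IP", "SESSION",
    "GLOBAL", "ENV", "GEO", "MATCHED_VARS", "MATCHED_VARS_NAMES",
}

# One variable term: optional ! or & prefix, a name, and an optional
# :selector that is a /regex/, a 'quoted' string or a bare key.
TERM = re.compile(
    r"(?P<prefix>[!&]?)(?P<name>[A-Za-z_][A-Za-z0-9_]*)"
    r"(?::(?:/(?:\\.|[^/\\])*/|'(?:\\.|[^'\\])*'|[^|\s]+))?"
)

def count_misuse(rule):
    """Return the &-prefixed variables in a SecRule that are not collections."""
    # Assumes a single-line directive with an unquoted, space-free variables field.
    head = re.match(r"\s*SecRule\s+(\S+)", rule)
    if not head:
        raise ValueError("not a SecRule directive")
    field, pos, flagged = head.group(1), 0, []
    while pos < len(field):
        term = TERM.match(field, pos)
        if not term:
            raise ValueError(f"cannot parse variables at {field[pos:]!r}")
        if term["prefix"] == "&" and term["name"].upper() not in COLLECTIONS:
            flagged.append(term["name"])
        pos = term.end()
        if pos < len(field):
            if field[pos] != "|":  # terms are separated by a pipe
                raise ValueError(f"expected '|' at {field[pos:]!r}")
            pos += 1
    return flagged

# Constructed sample rules (ids and operators are illustrative only).
SAMPLES = [
    'SecRule &REQUEST_BODY_LENGTH "@eq 0" "id:1,phase:2,pass"',
    'SecRule &ARGS:/^a|b$/|&REQUEST_BODY|REQUEST_URI "@gt 0" "id:2,phase:2,pass"',
    'SecRule &TX:score|&REQUEST_HEADERS:Content-Type "@eq 0" "id:3,phase:1,pass"',
]

if __name__ == "__main__":
    for rule in SAMPLES:
        print(count_misuse(rule), "<-", rule)
```

The regex selector in the second sample contains a `|`, so the term pattern consumes the whole `/.../` before the separator is looked for; a naive split on `|` would misparse it.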