Allow local overrides when using remote policy configuration

[bjlaub]

policy-bot currently supports setting policies for a repository by referencing a remote policy file (https://github.com/palantir/policy-bot#remote-policy-configuration).

It would be neat to allow local overrides or mixins with a remote policy configuration somehow. That way, repositories that want to base their rules off of a default set can start there, and possibly opt-in to overriding certain settings to suit their needs.

This might lead to a lot of confusion and weird mixtures of local rules vs. remote rules; in the worst case it could lead to a lot of copy/paste if the intention is to modify the set of rules for approval/disapproval, though that still seems feasible. One way to scope it down could be to only allow overriding very specific portions of an existing approval_rule - e.g. if the remote policy defines:

approval_rules:
  - name: only staging files have changed
    if:
      only_changed_files:
        paths:
          - "staging/.*"
    requires:
      count: 0

but the consumer has additional paths that count as "staging" files, they could write something like:

remote: org/repo-name
path: path/to/policy.yml
ref: master

local_approval_rules_overrides:
  - name: only staging files have changed  # must match the name of an existing rule in the remote policy
    if:
      only_changed_files:
        paths:  # this list gets merged with the remote rules list, not overridden
          - "otherStagingDir/.*"

A possible use case for this is extending the set of authors that a specific rule applies to on a per-repository basis, so that the same set of rules can be re-used across repositories but the specific users the policy applies to can be widened a bit.