OPAL need to alert the user if the policy bundle is invalid

[asafc]

For example - if multiple .rego files have the same package name - OPAL will not complain but OPA will not allow it. So, invalid configuration is caught during runtime - it should be caught during startup.

e.g: in multi-tenant policy setup: /global/rbac.rego should have different package name than /tenants/tenant1/rbac.rego - otherwise OPA will return 400 when applying the bundle.

[orweis]

Need to think how to avoid drift from OPA - i.e. if we rebuild the rules for a valid bundle into OPAL, it will end up gradually drifting from OPA as the folks there update the project. Also there might be a difference of valid policies between versions of OPA.

Ideally if we can have OPAL test this via OPA, and communicate back its response- it would probably be better