pulumi-policy

Differentiate between new violations, and existing ones

Open joeduffy opened this issue 6 years ago • 1 comments

This is a feature idea:

If I apply a policy pack to an existing stack, it will possibly find errors that already exist in my deployed resources. This seems like an interestingly different scenario than using that policy to gate subsequent violations of the policy. Is there any way to call this out?

This is not only a useful thing to indicate in the error text itself, but -- having lived through countless "static analysis pushes" to get clean -- I can imagine end users may want a way to exempt existing violations while still locking in assurances that no new ones will appear.

joeduffy, Aug 29 '19 00:08

This is an interesting feature idea. @clstokes any thoughts on where you'd put this relative to the other work we have slated?

hausdorff, Aug 29 '19 06:08
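
One way to implement the split the issue asks for, as an added example that is not pulumi-policy code or an existing Pulumi feature: violations are keyed by policy name and resource URN and compared against a baseline recorded when the pack was first applied. All type and function names, the policy name and the URNs are assumptions made for illustration.

```typescript
// Added example. Not Pulumi's API: every name below is hypothetical.
interface Violation { policy: string; urn: string; message: string }

interface Triage {
  fresh: Violation[];    // not in the baseline: these fail the update
  existing: Violation[]; // present when the pack was adopted: report only
  resolved: string[];    // baseline keys that no longer fire
}

// Identity is (policy, resource), not the message text, so rewording a
// policy's message does not turn an old finding into a "new" one.
const keyOf = (policy: string, urn: string): string => JSON.stringify([policy, urn]);

function triage(baseline: ReadonlySet<string>, current: Violation[]): Triage {
  const out: Triage = { fresh: [], existing: [], resolved: [] };
  const firing = new Set<string>();
  for (const v of current) {
    const k = keyOf(v.policy, v.urn);
    firing.add(k);
    (baseline.has(k) ? out.existing : out.fresh).push(v);
  }
  baseline.forEach((k) => { if (!firing.has(k)) out.resolved.push(k); });
  return out;
}

// Ratchet: exemptions can only shrink. A fixed finding leaves the baseline,
// so the same resource regressing later is treated as new.
const nextBaseline = (t: Triage): Set<string> =>
  new Set(t.existing.map((v) => keyOf(v.policy, v.urn)));

const passes = (t: Triage): boolean => t.fresh.length === 0;

// Constructed sample data: policy names and URNs are made up.
const BUCKET = "urn:pulumi:prod::shop::aws:s3/bucket:Bucket::";
function demo(): Triage {
  const baseline = new Set([
    keyOf("s3-no-public-read", BUCKET + "legacy-assets"),
    keyOf("s3-no-public-read", BUCKET + "old-reports"), // fixed since adoption
  ]);
  return triage(baseline, [
    { policy: "s3-no-public-read", urn: BUCKET + "legacy-assets", message: "bucket is public" },
    { policy: "s3-no-public-read", urn: BUCKET + "uploads", message: "bucket is public" },
  ]);
}
```

Persisting `nextBaseline` after each run is what keeps the exemption list from growing: a baseline that is only ever appended to ends up exempting everything.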