chore(security-guardian): improve failure messages

[gudipati]

Issue # (if applicable)

N/A

Reason for this change

Currently, when a guard rule fails, the security guardian report only shows the rule name and a pass/fail indicator. After this change, each failure annotation will include a human-readable description of what's wrong and how to fix it.

Description of changes

1. Updated summary message to include instructions on how to suppress rules as this is an experimental feature
2. Add custom error messages to each guard rule
3. Updated Junit XML post processing to include the custom error messages in annotations
4. Updated unit-tests

Describe any new or updated permissions being added

N/A

Description of how you validated changes

yarn test succeeded

Validated with an incorrect template using yarn security-guardian --enhance_xml=true -

Static:
        <testcase name="sqs-encryption-enabled.guard" time="0">
            <failure message="[Type: Static] SQS queue must have encryption enabled. Set &apos;KmsMasterKeyId&apos; to a KMS key ARN or &apos;SqsManagedSseEnabled&apos; to true.">
Check was not compliant as property [Properties.KmsMasterKeyId] is missing. Value traversed to [Path=/Resources/SourceQueue6E809DF0[L:2,C:25] Value={&quot;Type&quot;:&quot;AWS::SQS::Queue&quot;,&quot;UpdateReplacePolicy&quot;:&quot;Delete&quot;,&quot;DeletionPolicy&quot;:&quot;Delete&quot;}].
Check was not compliant as property [Properties.SqsManagedSseEnabled] to compare from is missing. Value traversed to [Path=/Resources/SourceQueue6E809DF0[L:2,C:25] Value={&quot;Type&quot;:&quot;AWS::SQS::Queue&quot;,&quot;UpdateReplacePolicy&quot;:&quot;Delete&quot;,&quot;DeletionPolicy&quot;:&quot;Delete&quot;}].</failure>
        </testcase>

Resolved:
        <testcase name="kinesis-firehose-encryption-enabled.guard" time="0">
            <failure message="[Type: Resolved] Kinesis Firehose delivery stream must have encryption enabled. Set &apos;DeliveryStreamEncryptionConfigurationInput.KeyType&apos; to &apos;AWS_OWNED_CMK&apos; or &apos;CUSTOMER_MANAGED_CMK&apos;.">
Check was not compliant as property [DeliveryStreamEncryptionConfigurationInput] is missing. Value traversed to [Path=/Resources/DeliveryStream58CF96DB/Properties[L:149,C:20] Value={&quot;DeliveryStreamType&quot;:&quot;DirectPut&quot;,&quot;ExtendedS3DestinationConfiguration&quot;:{&quot;BucketARN&quot;:&quot;arn:aws:s3:::Bucket83908E77&quot;,&quot;BufferingHints&quot;:{&quot;IntervalInSeconds&quot;:30,&quot;SizeInMBs&quot;:5},&quot;RoleARN&quot;:&quot;arn:aws:iam::123456789012:role/DeliveryStreamS3DestinationRoleD96B8345&quot;}}].
Check was not compliant as property [DeliveryStreamEncryptionConfigurationInput.KeyType] is missing. Value traversed to [Path=/Resources/DeliveryStream58CF96DB/Properties[L:149,C:20] Value={&quot;DeliveryStreamType&quot;:&quot;DirectPut&quot;,&quot;ExtendedS3DestinationConfiguration&quot;:{&quot;BucketARN&quot;:&quot;arn:aws:s3:::Bucket83908E77&quot;,&quot;BufferingHints&quot;:{&quot;IntervalInSeconds&quot;:30,&quot;SizeInMBs&quot;:5},&quot;RoleARN&quot;:&quot;arn:aws:iam::123456789012:role/DeliveryStreamS3DestinationRoleD96B8345&quot;}}].
Check was not compliant as property [DeliveryStreamEncryptionConfigurationInput.KeyType] to compare from is missing. Value traversed to [Path=/Resources/DeliveryStream58CF96DB/Properties[L:149,C:20] Value={&quot;DeliveryStreamType&quot;:&quot;DirectPut&quot;,&quot;ExtendedS3DestinationConfiguration&quot;:{&quot;BucketARN&quot;:&quot;arn:aws:s3:::Bucket83908E77&quot;,&quot;BufferingHints&quot;:{&quot;IntervalInSeconds&quot;:30,&quot;SizeInMBs&quot;:5},&quot;RoleARN&quot;:&quot;arn:aws:iam::123456789012:role/DeliveryStreamS3DestinationRoleD96B8345&quot;}}].</failure>
        </testcase>

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.