mirror of
https://gitlab.com/apparmor/apparmor
synced 2025-08-31 22:35:35 +00:00
disable downgrade and not enforced rule messages by default
Currently the apparmor parser warns about rules that are not enforced or downgraded. This is a problem for distros that are not carrying the out of tree kernel patches, as most profile loads result in warnings.

Change the behavior to not output a message unless a warn flag is passed. This patch adds 2 different warn flags

  --warn rule-downgraded    # warn if a rule is downgraded
  --warn rule-not-enforced  # warn if a rule is not enforced at all

If the warnings are desired by default the flags can be set in the parser.conf file.

v2 of patch
- update man page
- add --warn to usage statement
- make --quiet clear warn flags

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
@@ -239,6 +239,16 @@ Do not report on the profiles as they are loaded, and not show warnings.
|
||||
|
||||
Report on the profiles as they are loaded, and show warnings.
|
||||
|
||||
=item --warn=n
|
||||
|
||||
Enable various warnings during policy compilation. A single dump flag
|
||||
can be specified per --warn option, but the --warn flag can be passed
|
||||
multiple times.
|
||||
|
||||
apparmor_parser --warn=rules-not-enforced ...
|
||||
|
||||
Use --help=warn to see a full list of which warn flags are supported.
|
||||
|
||||
=item -d, --debug
|
||||
|
||||
Given once, only checks the profiles to ensure syntactic correctness.
|
||||
|
||||
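Review bot: the usage example in the added --warn text passes `--warn=rules-not-enforced`, but the commit message names the flag `rule-not-enforced` (singular), so the man page and the commit description disagree and a reader copying the example may pass a name the parser does not recognize; make the example use whichever spelling the parser accepts. In the same added paragraph, "A single dump flag can be specified per --warn option" says "dump flag" where "warn flag" is meant, and `=item --warn=n` would read more clearly with a placeholder that signals a flag name rather than `n`. Since the commit message says --quiet now clears warn flags, the --quiet entry just above this hunk could also mention that interaction.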