Improvement/arsn 375 chain backend imp deny

[KazToozs]

Adding new implicitDeny logic to ChainBackend returns.

PLEASE NOTE:
I do not know what the initial requirement/intended functionality of this class is.
Thus, I am unsure of the expected 'isImplicit' result of the policy merging functionality in this interface.
What I can discern from the code is this:

• The ChainBackend checkPolicies method is called. It returns an array of the authorisation results of the request for each client in the ChainBackend (by calling the checkPolicies functions of these clients).
• Each element of the array is an array of the authorisation results from the different policies for a client.
• Currently, if there is a duplicate policy (of the same ARN), the one that has isAllowed === true takes priority. I would've thought it would make sense to have Deny take priority here. This means I would change this line in the _mergePolicies method:

                if (!policyMap[key] || !policyMap[key].isAllowed) {

to this

                if (!policyMap[key] || !policy.isAllowed) {

However, the tests expect the current behaviour. Why?
What would be the expected behaviour from this for the isImplicit variable?
Who would have this context? The code was initially created by Alex Chan after report by @rachedbenmustapha
Thanks for any feedback

[bert-e]

Hello kaztoozs,

My role is to assist you with the merge of this
pull request. Please type @bert-e help to get information
on this process, or consult the user documentation.

Status report is not available.

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers