chore(core): add schema validation tests

I pulled in [ajv](https://npm.im/ajv) for this. I had tried to use [z-schema](https://npm.im/z-schema) but I couldn't get it working quickly (apparently you need to supply the metaschema??) so abandoned it.  If there's a more lightweight, _maintained_ solution, I'm happy to try it.

packages/core/package.json

@@ -17,6 +17,7 @@
   },
   "devDependencies": {
     "@types/json-stable-stringify": "^1.0.34",
+    "ajv": "^8.12.0",
     "ses": "^0.18.8",
     "tmp-promise": "^3.0.3"
   },

packages/core/test/policy/invalid-bad-path.json

@@ -0,0 +1,7 @@
+{
+  "resolutions": {
+    "some>package": {
+      "some>other>package": "/etc/passwd"
+    }
+  }
+}

packages/core/test/policy/invalid-bad-pkg-name.json

@@ -0,0 +1,9 @@
+{
+  "resources": {
+    "bad>!!packagename": {
+      "globals": {
+        "console": true
+      }
+    }
+  }
+}

packages/core/test/policy/invalid-empty.json

@@ -0,0 +1 @@
+{}

packages/core/test/policy/valid.json

@@ -0,0 +1,63 @@
+{
+  "resources": {
+    "browserify>buffer": {
+      "globals": {
+        "console": true
+      },
+      "packages": {
+        "browserify>buffer>base64-js": true,
+        "browserify>buffer>ieee754": true
+      }
+    },
+    "browserify>events": {
+      "globals": {
+        "console": true
+      }
+    },
+    "browserify>process": {
+      "globals": {
+        "clearTimeout": true,
+        "setTimeout": true
+      }
+    },
+    "browserify>string_decoder": {
+      "packages": {
+        "browserify>util>safe-buffer": true
+      }
+    },
+    "browserify>util>safe-buffer": {
+      "packages": {
+        "browserify>buffer": true
+      }
+    },
+    "keccak": {
+      "packages": {
+        "browserify>buffer": true,
+        "keccak>readable-stream": true
+      }
+    },
+    "keccak>readable-stream": {
+      "packages": {
+        "browserify>browser-resolve": true,
+        "browserify>buffer": true,
+        "browserify>events": true,
+        "browserify>inherits": true,
+        "browserify>process": true,
+        "browserify>string_decoder": true,
+        "keccak>readable-stream>util-deprecate": true
+      }
+    },
+    "keccak>readable-stream>util-deprecate": {
+      "globals": {
+        "console.trace": true,
+        "console.warn": true,
+        "localStorage": true
+      }
+    }
+  },
+  "resolutions": {
+    "some>package": {
+      "some>other>package": "./here"
+    }
+  }
+}

packages/core/test/policySchema.spec.js

@@ -0,0 +1,29 @@
+const test = require('ava')
+const Ajv = require('ajv')
+
+const schema = require('../schema/lavamoat-policy.v0-0-1.schema.json')
+const validPolicy = require('./policy/valid.json')
+const invalidPolicyEmpty = require('./policy/invalid-empty.json')
+const invalidBadPkgName = require('./policy/invalid-bad-pkg-name.json')
+const invalidBadPath = require('./policy/invalid-bad-path.json')
+
+const ajv = new Ajv({ allErrors: true })
+const validate = ajv.compile(schema)
+test('policy schema - known good policy', (t) => {
+  t.truthy(validate(validPolicy))
+})
+
+test('policy schema - invalid policy - empty', (t) => {
+  t.falsy(validate(invalidPolicyEmpty))
+  t.snapshot(validate.errors)
+})
+
+test('policy schema - invalid policy - bad pkg name', (t) => {
+  t.falsy(validate(invalidBadPkgName))
+  t.snapshot(validate.errors)
+})
+
+test('policy schema - invalid policy - bad resolution path', (t) => {
+  t.falsy(validate(invalidBadPath))
+  t.snapshot(validate.errors)
+})

packages/core/test/snapshots/policySchema.spec.js.md

@@ -0,0 +1,69 @@
+# Snapshot report for `test/policySchema.spec.js`
+
+The actual snapshot is saved in `policySchema.spec.js.snap`.
+
+Generated by [AVA](https://avajs.dev).
+
+## policy schema - invalid policy - empty
+
+> Snapshot 1
+
+    [
+      {
+        instancePath: '',
+        keyword: 'required',
+        message: 'must have required property \'resources\'',
+        params: {
+          missingProperty: 'resources',
+        },
+        schemaPath: '#/anyOf/0/required',
+      },
+      {
+        instancePath: '',
+        keyword: 'required',
+        message: 'must have required property \'resolutions\'',
+        params: {
+          missingProperty: 'resolutions',
+        },
+        schemaPath: '#/anyOf/1/required',
+      },
+      {
+        instancePath: '',
+        keyword: 'anyOf',
+        message: 'must match a schema in anyOf',
+        params: {},
+        schemaPath: '#/anyOf',
+      },
+    ]
+
+## policy schema - invalid policy - bad pkg name
+
+> Snapshot 1
+
+    [
+      {
+        instancePath: '/resources',
+        keyword: 'additionalProperties',
+        message: 'must NOT have additional properties',
+        params: {
+          additionalProperty: 'bad>!!packagename',
+        },
+        schemaPath: '#/properties/resources/additionalProperties',
+      },
+    ]
+
+## policy schema - invalid policy - bad resolution path
+
+> Snapshot 1
+
+    [
+      {
+        instancePath: '/resolutions/some>package/some>other>package',
+        keyword: 'pattern',
+        message: 'must match pattern "^(\\.{1,2})(/(?=[^/\\0])[^/\\0]+)*/?$"',
+        params: {
+          pattern: '^(\\.{1,2})(/(?=[^/\\0])[^/\\0]+)*/?$',
+        },
+        schemaPath: '#/properties/resolutions/patternProperties/%5E(%40%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*~1)%3F%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*(%3E(%40%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*~1)%3F%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*)*%24/patternProperties/%5E(%40%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*~1)%3F%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*(%3E(%40%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*~1)%3F%5Ba-z0-9-~0%5D%5Ba-z0-9-._~0%5D*)*%24/pattern',
+      },
+    ]