regal: Update to 0.9.0

Changes:
0.9.0
-----
This release brings three new rules to Regal, a new Rego-based build
system, and improvements to the Go API. Plus a number of improvements,
features and bugfixes.

The v0.9.0 release also coincides with some exciting news from our
community — users of the Rego Playground now experience Regal
integrated in the tool, and have linter violations reported directly in
the UI!

## New rule: `dubious-print-sprintf` (Category: `testing`)

This new rule will flag the use of `print` together with `sprintf` in
it's argument list. The `print` function takes any number of arguments
as it is, and using `sprintf` negates the benefits of the `print`
functions special handling of undefined values.

## New rule: `forbidden-function-call` (Category: `custom`)

In the custom category, the new `forbidden-function-call` rule will
allow you to configure a list of built-in functions that should be
flagged by Regal if encountered. This could for example be `http.send`
calls, or JWT decoding using HMAC rather than assymetric crypto.

## New rule: `chained-rule-body` (Category: `style`)

The new chained-rule-body rule will have Regal flag rules where the
body is "chained", as this style isn't recommended any more.

## Go API (experimental)

While integrations using the Go API is still not recommended, several
steps were taken in this release in order to move it closer to a stable
state. This work was done in order to get Regal integrated into the
Rego Playground.

## Other improvements and fixes

- Custom configuration for a rule is no longer required to provide a
  `level` attribute. If not provided, the level will be inherited from
  the default configuration for that rule.
- The `walk` built-in function is now by default excepted by the
  `function-arg-return` rule.
- The `regal lint` command now accepts a `--metrics` flag, which will
  provide helpful information on where Regal spends most of the time
  evaluating a project.

(leot)