When rolling back, we should show which permissions got restored

[mcpeak]

Similar to how we do when repoing, we should show which permissions got restored after a rollback.

[Mortinke]

Is not this already implemented in the current version?

I restored this morning a role and got the right information:

Resore will return these permissions:
ec2:describetags

(venv) ubuntu@**********:/usr/local/src/repokid$ repokid rollback_role *************** MailRelay-EC2CustomMetricsRole-1E34E52V15AP9 --selection=0 -c
Loaded config from /usr/local/src/repokid/config.json
Will restore the following policies:
{u'root': {u'Statement': [{u'Action': [u'cloudwatch:PutMetricData',
                                       u'cloudwatch:GetMetricStatistics',
                                       u'cloudwatch:ListMetrics',
                                       u'ec2:DescribeTags'],
                           u'Effect': u'Allow',
                           u'Resource': u'*'}],
           u'Version': u'2012-10-17'}}
Current policies:
{'root': {u'Statement': [{u'Action': [u'cloudwatch:PutMetricData',
                                      u'cloudwatch:GetMetricStatistics',
                                      u'cloudwatch:ListMetrics'
                          u'Effect': u'Allow',
                          u'Resource': u'*'}],
          u'Version': u'2012-10-17'}}

Resore will return these permissions:
ec2:describetags

[mcpeak]

We'll show the full version of the policy we're putting back but not a diff that makes it explicit which permissions that would add. I think it would be useful to have both.