firewalld_rich_rule should not permit both masquerade true and action parameters #322

Open
qha opened this issue Mar 30, 2022 · 0 comments

qha commented Mar 30, 2022

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: any
  • Ruby: any
  • Distribution: el8
  • Module version: 4.4.0

How to reproduce (e.g Puppet code you use)

firewalld_rich_rule { 'Demo':
  ensure     => present,
  zone       => 'fudge',
  masquerade => true,
  dest       => {
    'address' => '192.0.2.0/24'
  },
  action     => 'accept',
}

What are you seeing

Applying the catalog fails, and when trying the command manually, firewall-cmd notes that masquerade and action are not valid in the same rule:

Error: Execution of '/bin/firewall-cmd --permanent --zone fudge --add-rich-rule rule family="ipv4" destination address="192.0.2.0/24" masquerade accept' returned 122: 
Error: /Stage[main]/Demo/Firewalld_rich_rule[Demo]/ensure: change from 'absent' to 'present' failed: Execution of '/bin/firewall-cmd --permanent --zone fudge --add-rich-rule rule family="ipv4" destination address="192.0.2.0/24"" masquerade accept' returned 122:  (corrective)

# /bin/firewall-cmd --permanent --zone fudge --add-rich-rule 'rule family="ipv4" destination  address="192.0.2.0/24" masquerade accept'
Error: INVALID_RULE: masquerade and action

What behaviour did you expect instead

I expected the validate function of firewalld_rich_rule to make catalog compilation fail with some informative message.

Output log

See above.

Any additional information you'd like to impart

firewalld.richlanguage(5) notes under the "Masquerade" heading "It is not allowed to specify an action here."
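
The check requested above, sketched as an added stand-alone Ruby example (not code from this issue or from the puppet-firewalld module). It goes slightly beyond the report: firewalld.richlanguage(5) places the same "no action" restriction on icmp-block and forward-port, and the parameter names `icmp_block` and `forward_port` are assumptions.

```ruby
# Added example: a stand-alone validation routine, not the module's own code.
# Keys mirror the manifest in the report; 'icmp_block' and 'forward_port'
# are assumed parameter names for the other two action-less elements.
ACTIONLESS_ELEMENTS = %w[masquerade icmp_block forward_port].freeze

# Puppet may hand over true, 'true' or :true; nil, false, :absent, ''
# and empty collections all count as "not set".
def param_set?(value)
  return false if value.nil? || value == false
  return false if value.respond_to?(:empty?) && value.empty?
  !%w[false absent undef].include?(value.to_s.strip.downcase)
end

# Returns a list of error strings; an empty list means the combination
# would be accepted by firewall-cmd as far as this restriction goes.
def rich_rule_errors(params)
  return [] unless param_set?(params['action'])
  ACTIONLESS_ELEMENTS.select { |name| param_set?(params[name]) }.map do |name|
    "#{name} and action cannot be set in the same rule " \
      '(firewalld.richlanguage(5): no action is allowed on this element)'
  end
end

# What a validate hook would do: fail early, before firewall-cmd is run.
def validate_rich_rule!(title, params)
  errors = rich_rule_errors(params)
  return true if errors.empty?
  raise ArgumentError, "Firewalld_rich_rule[#{title}]: #{errors.join('; ')}"
end

# Constructed input: the manifest from the report, as a parameter hash.
DEMO = {
  'ensure' => 'present', 'zone' => 'fudge', 'masquerade' => true,
  'dest' => { 'address' => '192.0.2.0/24' }, 'action' => 'accept'
}.freeze

if __FILE__ == $PROGRAM_NAME
  begin
    validate_rich_rule!('Demo', DEMO)
  rescue ArgumentError => e
    puts e.message
  end
end
```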
