Custom responses based on content type and tags

[sporkmonger]

In order to better support API security use-cases and provide better user feedback in case of a false positive, Bulwark should offer a mechanism of emitting a custom response instead of a hard-coded "Access Denied".

Responses should be loaded from a file path relative to the configuration file. The configuration should specify the status code and content type to deliver with the response. Additionally, the content type should be matched based on the order given in the Accept header in the request, otherwise the fallback order should be the order in which custom responses are defined.

Additionally, responses should be determined by tags, matching from most specific match to least specific. Content-Type should take precedence over tags to avoid delivering a response to a client that it cannot process. Generically there should be a custom response with no tags at all that can act as a catch-all.

Bulwark would still continue to supply it's own top-level generic response when no custom response matches. Bulwark should additionally add support for generic built-in responses for JSON endpoints, not just a text/plain "Access Denied" response.