Remaining C-001 cleanup work

[dburgener]

I've turned C-001 off by default in the default config file. The primary reason for this is that it just outputs a lot of information. Secondary, a fair amount of that information seems to be of questionable value.

In my view, the following things need to happen for C-001 to be turned back on by default:

• Fix any remaining false positives
• Clarify ambiguous points in the refpolicy Style Guide
• Clean up genuine ordering issues in upstream refpolicy, so users can have a solid base to start from without getting ~550 C-001 issues from parts of the policy they didn't even write

This ticket is to track progress on those items.