If a user updates a policy after creating the blueprint for it, those changes are not reflected within the blueprint.

When the user goes to build a new image for the existing blueprint we should warn the user that the policy has changed and the blueprint needs an update.  This could then allow them either automatically update the blueprint.

We should use the existing linting functionality to handle this, as it already supports new items being added to the policy:

It just doesn't support things being removed.

The workflow would be:

User creates policy
User creates blueprint, selecting policy
User updates policy, causing a package, service, etc.. to be removed
User visits the blueprint details
Sees the current 'errors' linter box (this maybe should be 'warnings'?)
Will say  "Compliance: package sudo is no longer required by the policy"
User can: 
    Fix warnings automatically.  This would remove sudo from the blueprint and save it.
    Ignore warnings.  This would 'save' the current compliance blueprint toml onto the blueprint, ovewriting what was there previously.

either way, the warning would disappear