Enforce no variants defined inline in packs #4064

Open
preslavgerchev opened this issue May 23, 2024 · 0 comments

Take the following sample pack:

```yaml
packs:
  - uid: mondoo-incident-response-aws
    name: AWS Incident Response Pack (Test)
    queries:
      - uid: mondoo-incident-response-aws-iam-administrator-access
        title: IAM users, groups, and roles to which the AdministratorAccess policy is attached
        variants:
          - uid: mondoo-incident-response-aws-iam-administrator-access-all
          - uid: mondoo-incident-response-aws-iam-administrator-access-user
      - uid: mondoo-incident-response-aws-iam-administrator-access-all
        filters: |
          asset.platform == "aws"
        mql: |
          aws.iam.attachedPolicies.
            where( arn == "arn:aws:iam::aws:policy/AdministratorAccess" ) {
              attachedUsers
              attachedGroups
              attachedRoles
            }
      - uid: mondoo-incident-response-aws-iam-administrator-access-user
        filters: |
          asset.platform == "aws-iam-user"
          aws.iam.attachedPolicies
            .where(arn == "arn:aws:iam::aws:policy/AdministratorAccess")
            .any(attachedUsers
              .contains(
                arn.in(asset.ids)
              )
            )
        mql: |
          aws.iam.user {
            arn
            name
            policies
            id
            tags
            attachedPolicies
            createDate
            accessKeys
            loginProfile
            groups
          }
```

Structurally it looks fine and is compliant with the struct that we expose for query packs. However, we want to enforce that no variants are defined inline and those are only defined top-level (bundle level). We should adjust the bundle code to ensure that this pack above spits out a better error when being compiled. We should also adjust the linting/fmting to show this as an error when formatting policies/packs.
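
An added example (not code from the issue, and not cnspec's own bundle or lint implementation) of what such a check could look like. The structs mirror the shape of the YAML above with assumed field and type names; the `yaml` tags are there so a decoder such as gopkg.in/yaml.v3 could fill them, but the sample data is constructed as Go literals so the block runs without any dependency. `LintInlineVariants` reads the rule in the issue as: every uid listed under a query's `variants` must resolve to a bundle-level query, so a variant that is nested inside the pack, or not defined anywhere, is an error. That reading is an interpretation of the issue text, not a confirmed rule. `InlineBundle` reproduces the pack as posted (trimmed to the fields the lint looks at) and `TopLevelBundle` shows the shape that passes.

```go
package main

import "fmt"

// Query mirrors the bundle query fields relevant to this check. Names are
// assumptions modelled on the issue's YAML, not cnspec's types; a reference
// under `variants` is a Query with only UID set.
type Query struct {
	UID      string  `yaml:"uid"`
	Filters  string  `yaml:"filters,omitempty"`
	Variants []Query `yaml:"variants,omitempty"`
}

// Pack is a query pack with the queries nested inline under it.
type Pack struct {
	UID     string  `yaml:"uid"`
	Name    string  `yaml:"name"`
	Queries []Query `yaml:"queries"`
}

// Bundle holds the bundle-level (top-level) queries and the packs.
type Bundle struct {
	Queries []Query `yaml:"queries,omitempty"`
	Packs   []Pack  `yaml:"packs"`
}

// LintInlineVariants returns one message per violation: a variant uid that
// resolves to a query defined inline in the pack, or to no query at all.
// Running it over the decoded structs means the same function can serve both
// bundle compilation and a fmt/lint command.
func LintInlineVariants(b *Bundle) []string {
	var errs []string
	topLevel := map[string]bool{}
	for _, q := range b.Queries {
		topLevel[q.UID] = true
	}
	for _, p := range b.Packs {
		inline := map[string]bool{}
		for _, q := range p.Queries {
			inline[q.UID] = true
		}
		for _, q := range p.Queries {
			for _, v := range q.Variants {
				switch {
				case inline[v.UID]:
					errs = append(errs, fmt.Sprintf(
						"pack %s: query %s: variant %s is defined inline in the pack; move it to the bundle's top-level queries",
						p.UID, q.UID, v.UID))
				case !topLevel[v.UID]:
					errs = append(errs, fmt.Sprintf(
						"pack %s: query %s: variant %s is not defined at the bundle level",
						p.UID, q.UID, v.UID))
				}
			}
		}
	}
	return errs
}

// issueQueries reconstructs the three queries from the sample pack in the
// issue, keeping only the fields the lint inspects (constructed sample data).
func issueQueries() (parent, all, user Query) {
	parent = Query{
		UID: "mondoo-incident-response-aws-iam-administrator-access",
		Variants: []Query{
			{UID: "mondoo-incident-response-aws-iam-administrator-access-all"},
			{UID: "mondoo-incident-response-aws-iam-administrator-access-user"},
		},
	}
	all = Query{UID: "mondoo-incident-response-aws-iam-administrator-access-all", Filters: `asset.platform == "aws"`}
	user = Query{UID: "mondoo-incident-response-aws-iam-administrator-access-user", Filters: `asset.platform == "aws-iam-user"`}
	return parent, all, user
}

// InlineBundle is the pack as posted: all three queries nested in the pack.
func InlineBundle() *Bundle {
	parent, all, user := issueQueries()
	return &Bundle{Packs: []Pack{{
		UID:     "mondoo-incident-response-aws",
		Name:    "AWS Incident Response Pack (Test)",
		Queries: []Query{parent, all, user},
	}}}
}

// TopLevelBundle is the shape the rule asks for: the variant queries live in
// the bundle's top-level `queries:`, the pack keeps only the referencing query.
func TopLevelBundle() *Bundle {
	parent, all, user := issueQueries()
	return &Bundle{
		Queries: []Query{all, user},
		Packs: []Pack{{
			UID:     "mondoo-incident-response-aws",
			Name:    "AWS Incident Response Pack (Test)",
			Queries: []Query{parent},
		}},
	}
}

func main() {
	for _, e := range LintInlineVariants(InlineBundle()) {
		fmt.Println("inline bundle:", e)
	}
	fmt.Println("top-level bundle errors:", len(LintInlineVariants(TopLevelBundle())))
}
```

Wiring the same function into both the compile path and the fmt/lint path is what gives the "better error" the issue asks for: the message names the pack, the referencing query and the offending variant uid, rather than failing later with a generic validation error.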
