Allow inverted matcher for interface group in firewall ruleset.
For other groups, inverted-matcher is allowed.
This doesn't work:
set firewall name X rule X [inbound-interface | outbound-interface] interface-group !IFACE-GROUP
While this works:
set firewall name X rule X source group address-group !ADDRESS-GROUP
This works: