What steps will reproduce the problem?
(1) Add a subdirectory of a directory that already has several allowed includes.
    Example, a new sub-directory of //chrome/browser, which will already have //chrome/DEPS and //chrome/browser/DEPS allowances.
(2) Add a DEPS-file with a restrictive set of include-rules, to isolate this part of the code, that only allows base and net.
(3) Within //chrome/browser/your_subdirectory, add an include for something in //content.
(4) Run checkdeps:
    $ ./buildtools/checkdeps/checkdeps.py --root . chrome/browser/your_subdirectory


What is the expected result?
If we assume 'restrictive set of include-rules' includes removing everything from the parent, I would expect checkdeps to fail.


What happens instead?
checkdeps succeeds, as there is no way of removing DEPS include_rules allowed by parents.


More information:
Conceptually I want something like the 'set noparent' we use in our OWNERS-files to also be available for DEPS.


Basically something like this:
include_rules = [
  # Set noparent-like thing:
  "-*",


  # The real deps of //chrome/browser/your_subdirectory
  "+base",
  "+net",
]


I'm not sure if the order matters for 'include_rules' (is it ever put in a set?), but if it does, maybe we need some other identifier than something in a list.


Otherwise, something like "-*" would he helpful.