[ELI-702] consolidating s3 perms, security perms and streaming perms #634

Merged
TOEL2 merged 1 commit into main from fix/consolidate-policies on Apr 10, 2026

@TOEL2 TOEL2 commented Apr 10, 2026

Description

Context

Type of changes

  • Refactoring (non-breaking change)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would change existing functionality)
  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I am familiar with the contributing guidelines
  • I have followed the code style of the project
  • I have added tests to cover my changes
  • I have updated the documentation accordingly
  • This PR is a result of pair or mob programming

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others' privacy, we kindly ask you to NOT include PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that does contain any sensitive information. We really appreciate your cooperation in this matter.

  • I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

@TOEL2 TOEL2 requested a review from a team as a code owner April 10, 2026 10:29
@eddalmond1 eddalmond1 requested a review from Copilot April 10, 2026 10:30

Copilot AI left a comment

Pull request overview

This PR consolidates GitHub Actions IAM policies in the iams-developer-roles Terraform stack, reducing the number of separate policy resources by merging related permissions (S3 + Terraform state, KMS + code signing, Firehose + Kinesis).

Changes:

  • Merged Terraform state S3 permissions into the existing s3_management policy and removed the dedicated Terraform state policy/attachment.
  • Combined KMS key management and Lambda code-signing permissions into a new security_management policy and updated attachments accordingly.
  • Consolidated Firehose and Kinesis permissions into a single stream_management policy and updated attachments accordingly.


tags = merge(local.tags, { Name = "github-actions-kms-creation" })
tags = merge(local.tags, { Name = "security-management" })
}
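Review bot: On the tags lines, the Name value goes from "github-actions-kms-creation" to "security-management", which drops the "github-actions-" prefix that marked this as a GitHub Actions policy. Consider "github-actions-security-management" so the consolidated policy stays attributable to its consumer when IAM resources are filtered or audited by Name tag.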
Collaborator

We've skipped this intentionally as the scopes of the actions are at account level, not resource level

@TOEL2 TOEL2 merged commit 05e69da into main Apr 10, 2026
30 checks passed