Commit bf41d93

PLT-1605 : Codebuild permissions required for issuing new codebuild projects (#405)
## 🎫 Ticket

https://jira.cms.gov/browse/...

## 🛠 Changes

<!-- What was added, updated, or removed in this PR? -->

## ℹ️ Context

<!-- Why were these changes made? Add background context suitable for a non-technical audience. -->

These changes are made to support the establishment and management of new codebuild projects.

<!-- If any of the following security implications apply, this PR must not be merged without Stephen Walter's approval. Explain in this section and add @SJWalter11 as a reviewer.
- Adds a new software dependency or dependencies.
- Modifies or invalidates one or more of our security controls.
- Stores or transmits data that was not stored or transmitted before.
- Requires additional review of security implications for other reasons. -->

## 🧪 Validation

This will be validated upon merge and running tofu apply with the github actions role.

<!-- How were the changes verified? Did you fully test the acceptance criteria in the ticket? Provide reproducible testing instructions and screenshots if applicable. -->

Tofu plan for cdap test

<details>

```
# aws_iam_role_policy.github_actions_role_policy will be updated in-place
~ resource "aws_iam_role_policy" "github_actions_role_policy" {
    id     = "cdap-test-github-actions:terraform-##"
    name   = "terraform-###"
  ~ policy = jsonencode(
      ~ {
          ~ Statement = [
              # (2 unchanged elements hidden)
              {
                  Action   = [
                      "backup:GetBackupSelection",
                      "backup:GetBackupPlan",
                      "backup:DescribeBackupVault",
                      "backup:CreateBackupSelection",
                      "backup:CreateBackupPlan",
                  ]
                  Effect   = "Allow"
                  Resource = "*"
              },
            + {
                + Action   = [
                    + "codebuild:UpdateWebhook",
                    + "codebuild:UpdateProject",
                    + "codebuild:ListProjects",
                    + "codebuild:DeleteWebhook",
                    + "codebuild:DeleteProject",
                    + "codebuild:CreateWebhook",
                    + "codebuild:CreateInvalidation",
                  ]
                + Effect   = "Allow"
                + Resource = "*"
              },
              {
                  Action   = [
                      "cloudfront:ListDistributions",
                      "cloudfront:GetResponseHeadersPolicy",
                      "cloudfront:GetOriginAccessControl",
                      "cloudfront:CreateInvalidation",
                  ]
                  Effect   = "Allow"
                  Resource = "*"
              },
              # (23 unchanged elements hidden)
          ]
          # (1 unchanged attribute hidden)
      }
  )
  # (2 unchanged attributes hidden)
}
```

</details>
1 parent d4c1f6a commit bf41d93

1 file changed: +13 −0 lines changed
terraform/services/github-actions-role/main.tf

Lines changed: 13 additions & 0 deletions
@@ -131,6 +131,19 @@ data "aws_iam_policy_document" "github_actions_policy" {
131131
]
132132
resources = ["*"]
133133
}
134+
# Codebuild
135+
statement {
136+
actions = [
137+
"codebuild:CreateInvalidation",
138+
"codebuild:CreateWebhook",
139+
"codebuild:DeleteProject",
140+
"codebuild:DeleteWebhook",
141+
"codebuild:ListProjects",
142+
"codebuild:UpdateProject",
143+
"codebuild:UpdateWebhook"
144+
]
145+
resources = ["*"]
146+
}
134147
# CloudFront
135148
statement {
136149
actions = [
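Review bot: in the actions list of the new `# Codebuild` statement, `"codebuild:CreateInvalidation"` is not an action the CodeBuild service defines; it appears to have been carried over from the `# CloudFront` statement that follows (`cloudfront:CreateInvalidation`) and should be dropped, since it matches no CodeBuild API call and grants nothing. For the purpose named in the commit title, creating new CodeBuild projects, the statement also omits `codebuild:CreateProject` and `codebuild:BatchGetProjects` (the read call OpenTofu/Terraform makes to refresh an `aws_codebuild_project` after creating it), so the first apply that creates a project will be denied; add both. Finally, `resources = ["*"]` combined with `codebuild:DeleteProject` and `codebuild:UpdateProject` lets the GitHub Actions role modify or delete every CodeBuild project in the account; scoping those to project ARNs such as `arn:aws:codebuild:<region>:<account-id>:project/<your-prefix>-*` (placeholders, not values from this repo), and keeping only `codebuild:ListProjects` on `"*"` since that action accepts no resource-level restriction, would limit the blast radius to the projects this pipeline owns.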
