Document minimal policy required to be attached to S3User to prevent an infinite loop

Author: Damien Clabaut

README.md

@@ -229,10 +229,22 @@ spec:
   # Content of the policy, as a multiline string 
   # This should be IAM compliant JSON - follow the guidelines of the actual
   # S3 provider you're using, as sometimes only a subset is available.
+     The first Statement (Allow ListBucket) should be applied to every user,
+  # as s3-operator uses this call to verify that credentials are valid when
+  # reconciling an existing user.
   policyContent: >-
     {
       "Version": "2012-10-17",
       "Statement": [
+      {
+        "Effect": "Allow",
+        "Action": [
+          "s3:ListBucket"
+        ],
+        "Resource": [
+          "arn:aws:s3:::*"
+        ]
+      },
       {
         "Effect": "Allow",
         "Action": [
@@ -386,4 +398,3 @@ More information can be found via the [Kubebuilder Documentation](https://book.k
 
 </details>
 
-