Revert "NRL-1793 align tf for developer role with current in aws"

This reverts commit 0266dda.

This change was useful to avoid releasing unreleased changes to the test environments, but it is no longer needed as those will be released shortly on the release cut.

Author: axelkrastek1-nhs

terraform/account-wide-infrastructure/mgmt/iam__developer-role.tf

@@ -46,9 +46,6 @@ module "developer_policy" {
       Resource = [
         "${data.aws_s3_bucket.terraform_state.arn}/${local.project}/prod/*",
         "${data.aws_s3_bucket.terraform_state.arn}/${local.project}/mgmt/*",
-        "${data.aws_s3_bucket.truststore.arn}/ca/prod.*",
-        "${data.aws_s3_bucket.truststore.arn}/client/prod.*",
-        "${data.aws_s3_bucket.truststore.arn}/server/prod.*"
       ]
     },
     {
@@ -103,6 +100,19 @@ module "developer_policy" {
         "${data.aws_s3_bucket.ci_logging.arn}/*"
       ]
     },
+    {
+      Action = [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject"
+      ]
+      Effect = "Deny"
+      Resource = [
+        "${data.aws_s3_bucket.truststore.arn}/ca/prod*",
+        "${data.aws_s3_bucket.truststore.arn}/client/prod*",
+        "${data.aws_s3_bucket.truststore.arn}/server/prod*"
+      ]
+    },
     {
       Action = [
         "s3:GetObject"