If an account has service ID creation disabled, like below:
And they are using the "IAM credential" engine to create service ID API keys based off an access group, the service ID creation will fail with:
Could not create IAM service ID. Verify that the IAM credentials secrets engine has the necessary permissions either by configuring the engine with a valid API key, or by creating an authorization with the IAM service. [secrets-manager.03051E]
To fix this, the s2s auth policy that is created by this module needs to be updated to have the User API key creator and Service ID creator roles on the "IAM Identity Service" service here ->
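A sketch of the service-to-service authorization this asks for, written as a standalone Terraform resource (an added example, not the module's own code). The resource label and the `secrets_manager_guid` variable are assumptions; the two role names are the ones named above.

```hcl
# Hypothetical input: GUID of the Secrets Manager instance that runs
# the IAM credentials engine.
variable "secrets_manager_guid" {
  type        = string
  description = "GUID of the Secrets Manager instance to authorize."
}

# s2s authorization: Secrets Manager (source) -> IAM Identity Service (target).
resource "ibm_iam_authorization_policy" "sm_iam_identity" {
  source_service_name = "secrets-manager"

  # Scope the grant to one instance so that other Secrets Manager
  # instances in the account cannot create service IDs or API keys.
  source_resource_instance_id = var.secrets_manager_guid

  # "iam-identity" is the service name of the IAM Identity Service.
  target_service_name = "iam-identity"

  # Roles required when service ID creation is restricted in the
  # account settings. Keep any role the existing policy already
  # grants and add these two to the list.
  roles = [
    "User API key creator",
    "Service ID creator",
  ]

  description = "Lets the Secrets Manager IAM credentials engine create service IDs and API keys."
}
```

After applying, rotate or create one IAM credentials secret to confirm that error `secrets-manager.03051E` no longer appears.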