Add `cloudformation:GetTemplate` to deployment VM

[manics]

Description

This is needed so the deployment VM can query the existing CDK2 bootstrap stack

---

Declaration : By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[drchriscole]

Can you explain this a bit more? My knowledge is lacking here.

[manics]

This is the VM that's used to run the actual TREEHOOSE deployment. The easy option is to give the VM full admin permissions on AWS, the more secure way done here is to only give the permissions required. This PR is adding a missing permission.