Improve IAM policy management

[Godley]

User requirement

As a team admin, I want to be able to create restrictive IAM credentials so that I can have my colleagues use S3 in a secure way.

Specifically, we could add a command to the s3 subcommand for administrators which talks to the AWS api, creates a new credential with the correct actions for the appropriate "buckets" or "dots" - this would mean they don't need to fiddle with the UI or read our docs to figure out how to get the most secure account settings.

Key acceptance criteria

• [ ] There should be a command which creates an IAM policy matching what DM needs, creates a user credential and gives the user credential the policy, then outputs the key id and secret so that the user may give it to colleagues.
• [ ] this could be re-enterable in which case it should only find the IAM policy, create the user and match the two together.

[Godley]

Not going to do this for a while yet, closing. Reopen when we have some capacity to do this