Over the last half year, we made a number of changes to the IAM dataset, due to diverse user bug reports or more testing in LocalStack.
With this PR, I want to upstream our changes as much as possible.
Changes
CloudFormation: The StackName parameter in CloudFormation generally also accepts the StackId: https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_DescribeStacks.html. Often stack id only for deleted stacks, and stack name or id for active stacks. We have to strip everything but the ARN for the resource rendering to yield correct results.
CloudFront: The CreateDistributionWithTags operation also uses the cloudfront:CreateDistribution IAM action.
S3: The DeleteBucketOwnershipControls operation uses the s3:PutBucketOwnershipControls action, similar for DeleteBucketIntelligentTieringConfiguration.
SQS: Some batch operations use the same IAM action as the non-batch action.
SSM: Trimming leading slashes.
Secrets Manager: Basically implementing #24 in case the secret's suffix is properly provided in the request. I used the regex without the negative lookahead to avoid issues with Go regex, which does not support lookarounds.
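The CloudFormation, SSM and Secrets Manager normalizations listed above, sketched in Go as an added example (not code from this PR or the project). The function names, the reading of the StackId handling as "reduce the ARN to the stack name", and the `-??????` wildcard fallback are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hyphen plus six characters, as Secrets Manager appends to secret ARNs.
// RE2 has no lookarounds, so this is a plain end-anchored match.
var secretSuffix = regexp.MustCompile(`-[A-Za-z0-9]{6}$`)

// StackResource (hypothetical) maps a StackName or StackId ARN to the stack name.
func StackResource(v string) string {
	// arn:aws:cloudformation:<region>:<account>:stack/<name>/<uuid>
	parts := strings.SplitN(v, ":", 6)
	if len(parts) == 6 && parts[0] == "arn" {
		if seg := strings.Split(parts[5], "/"); len(seg) >= 2 && seg[0] == "stack" {
			return seg[1]
		}
	}
	return v
}

// ParameterResource (hypothetical) avoids "parameter//name" for "/name".
func ParameterResource(name string) string {
	return "parameter/" + strings.TrimLeft(name, "/")
}

// SecretResource (hypothetical) keeps a supplied suffix, else wildcards it.
// Caveat: a bare name such as "prod-config" also matches the pattern.
func SecretResource(id string) string {
	if p := strings.SplitN(id, ":", 7); len(p) == 7 && p[0] == "arn" {
		id = p[6]
	}
	if secretSuffix.MatchString(id) {
		return "secret:" + id
	}
	return "secret:" + id + "-??????"
}

func main() {
	// Constructed sample inputs.
	fmt.Println(StackResource("arn:aws:cloudformation:us-east-1:000000000000:stack/demo/1a2b3c4d"))
	fmt.Println(ParameterResource("/app/db/password"))
	fmt.Println(SecretResource("db-creds"))
	fmt.Println(SecretResource("prod-config"))
}
```

Without a lookaround, a secret name that itself ends in a hyphen and six alphanumerics is indistinguishable from a name with the suffix, so the rendered resource for such a name omits the wildcard and will not match the real ARN.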