feat: Allow users to change own password in iam-group-with-policies module

[vutny]

Description

This PR corrects IAM Self-manage policy according to example from AWS: Allows MFA-authenticated IAM users to manage their own credentials on the My security credentials page :

1. Previously, it did not allow users to change their password on their own user page. To allow this, now the iam:GetLoginProfile and iam:UpdateLoginProfile actions to be added to the AllowManageOwnPasswords statement.
2. The DenyAllExceptListedIfNoMFA statement has been corrected to include missing iam:GetMFADevice permission for own MFA management.
3. Also, in the same statement iam:ChangePassword action should not be allowed without MFA authorization if it was enforced. This does not allow a user to create a password at sign-in, the MFA must be created and user must authenticate using it before attempting to change administrator provided password.

Motivation and Context

Stay up to date with AWS recommendations for access policies, grant permissions necessary for IAM user selfie-management via AWS Web Console. Make sure if MFA is enforced, it disallows unauthorized password change for IAM user in case of credentials leak.

Breaking Changes

None.

How Has This Been Tested?

• [ ] I have updated at least one of the examples/* to demonstrate and validate my change(s)
• [x] I have tested and validated these changes using one or more of the provided examples/* projects
• [ ] I have executed pre-commit run -a on my pull request

[vutny]

@bryantbiggs , please have a look. Thanks!

[antonbabenko]

This PR is included in version 5.31.0 :tada:

[github-actions[bot]]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.