docs: add missing command and flags to CLI instructions

[mdsolsawangwan]

I recently configured the post-scan-action plugin via CLI and ran into several issues:

• Was not able to create an IAM role with the instructed command. A trust policy is required so I've added this to step 4 in CLI - Create an execution role for the Lambda function.
• Was not able to subscribe to an SNS topic via CLI. I was able via the AWS Console only. It seems there's an additional command required, and so I've added it under step 3 in CLI - Subscribe the Lambda to the SNS topic

[mdsolsawangwan]

FYI: @trendmicro/cloud-one-file-storage-security

[mdsolsawangwan]

@carpusherw done, thanks.