add idp, oidc integration terraform configs

[tylerthome]

What changes did you make?

• Add OIDC federated creds for incubator terraform action runners to Hack for LA AWS devops-security configurations

Rationale behind the changes?

• Enable terraform operations from the main branch of the incubator repo (pending discussion)

Testing done for these changes

• Terraform tested in separate account for new tf resources

What did you learn or can share that is new?(optional)

• https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect
• https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html#idp_oidc_Create_GitHub
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_openid_connect_provider
• https://github.com/aws-actions/configure-aws-credentials#configure-aws-credentials-for-github-actions

Notes

• Possibly related to Fix authentication error on the plan GitHub Action #23

[tylerthome]

@chelseybeck for your and team's review, I've included all of the relevant changes in a single top-level aws-identity-providers.tf file. I noticed that the aws-roles module can be modified to support the config needed for this OIDC update e.g. the federated principal in the policy definition. Happy to add that to this update, and/or factor this identity logic into a module if you foresee the team making this reusable.

[tylerthome]

Closing in favor of #28