fix: dynamoDB permissions

[DecFox]

Closes #21
This diff extends the dynamoDB permissions for the oonidevops-github-policy.

[github-actions]

Terraform Run Output 🤖

Format and Style 🖌success

Initialization ⚙️success

Validation 🤖success

Validation Output

$ terraform validate
Success! The configuration is valid.

Plan 📖success

• undefined

Show Plan

$ terraform plan
Acquiring state lock. This may take a few moments...

Pusher	@DecFox
Action	pull_request
Environment	dev
Workflow	.github/workflows/check_terraform.yml
Last updated	Thu, 14 Mar 2024 17:53:24 GMT

[github-actions]

Ansible Run Output 🤖

Ansible Playbook Recap 🔍

Ansible playbook output 📖success

Show Execution

$ ansible-playbook playbook.yml --check --diff -i ../tf/modules/ansible_inventory/inventories/inventory-dev.ini
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: clickhouse_servers

PLAY [ClickHouse servers] ******************************************************
skipping: no hosts matched

PLAY RECAP *********************************************************************

Pusher	@DecFox
Action	pull_request
Working Directory
Workflow	.github/workflows/check_ansible.yml
Last updated	Thu, 14 Mar 2024 17:53:56 GMT

[hellais]

If we want to allow all permissions on dynamodb, should we then perhaps scope the permissions to arn:aws:dynamodb:eu-central-1:905418398257:table/oonidevops-dev-terraform-state-lock, where 905418398257 is ooni_dev_org_id, so that if we end up using dynamodb for something else that isn't the terraform state lock we aren't giving full permissions to github?