[laa-hmrc-interface-api] Add github oidc provider for sast GHA

[Joel Sugarman (jsugarman)]

Add github oidc provider for sast GHA

Need to access ecr image for scanning

[Sablu M (sablumiah)]

Terraform Plan Summary

Terraform Plan: 6 to be created, 0 to be destroyed, 2 to be updated, 0 to be replaced and 59 unchanged.

Resources to create:

+ module.ecr-repo.aws_iam_role.github[0]
+ module.ecr-repo.aws_iam_role_policy_attachment.github_ecr[0]
+ module.ecr-repo.github_actions_secret.ecr_registry_url["laa-hmrc-interface-service-api"]
+ module.ecr-repo.github_actions_secret.ecr_role_to_assume["laa-hmrc-interface-service-api"]
+ module.ecr-repo.github_actions_variable.ecr_region["laa-hmrc-interface-service-api"]
+ module.ecr-repo.github_actions_variable.ecr_repository["laa-hmrc-interface-service-api"]

Resources to update:

! module.rds.aws_db_instance.rds
! module.rds.aws_db_parameter_group.custom_parameters

[Sablu M (sablumiah)]

This PR CANNOT be auto approved and requires manual approval from the Cloud Platform team.
Reason:
🕵️‍♂️ Manual review required: OPA auto approve policy checks did not pass.

Test	Passed?	Reason
allowlist	❌	This PR includes changes to modules / resources which are not on the allowlist, so we can't auto approve these changes. Please request a Cloud Platform team member's review in #ask-cloud-platform
ecr	✅	Valid ECR related terraform changes
hmpps-template	✅	Valid hmpps template related terraform changes
irsa	✅	Valid irsa related terraform changes
kubernetes_secret	✅	Valid K8s secret related terraform changes
rds	✅	Valid RDS module related terraform changes
secrets_manager	✅	Valid secrets manager related terraform changes
service_pod	✅	Valid Service pod related changes
sns	✅	Valid sns related terraform changes

Please raise it in #ask-cloud-platform Slack channel.