Support resource policies #8
Description
Allow creation of resource policies via policy_add (or equivalent).
This will require some additional facts and relationships:
- The request context may need to know the Caller ARN and the resource owner ARN, or just assume they are the same.
- The resource policy type can include a principal block
- Unlike identity policies, resource policies are not limited by boundary policies.
- The resource policy type has different semantics to identity-based policies.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html