Update documentation & Cloud formation scripts

[npiper]

Add doco update that had to change the role to add another wildcard match for each new Repo using the AWS + Github OpenID Connect approach (Still easier than AWS Keys), possibly worth trialling with a user level wildcard on the subject;

https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services

npiper-githubactions-role:

           "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringLike": {
                    "token.actions.githubusercontent.com:sub": [
                        "repo:npiper/npiper-parent-org:*",
                        "repo:npiper/npiper-parent-pom:*"
                    ]
                }
            }

Also had to modify the bucket policy to make all public read only by default:

New writes on this method got created as non-public readable by default.

{
    "Version": "2008-10-17",
    "Id": "Policy1380877762691",
    "Statement": [
        {
            "Sid": "AllowPublicReadByDefault",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::solveapuzzle-repo/*"
        }
    ]
}