ecs-conex

Add ability to set a repository permission policy

Open drboyer opened this issue 7 years ago • 2 comments

This change enables ecs-conex to set a Permissions Policy on all repositories watched by this instance of conex. ECR Permissions policies enable you to share an ECR repository in one account with another AWS account.

➡️ Documentation on ECR Repository Policies

How this feature was implemented

I've implemented this feature where including an IAM policy document as the RepositoryPermissionPolicy stack parameter will set it as an environment variable on the watchbot worker. When a worker is processing a job, after ensuring the ECR repo exists in a given region, the policy for the repository will be set as well (this is an idempotent operation if the policy does not change).

Testing

I added what I think are appropriate unit tests to the test/utils.test.sh file. I also tested creating an ECR repository using this stack both when the RepositoryPermissionPolicy parameter was blank and when it was set to a valid policy to share with another account. In both cases, the expected result happened (the repository was published on ECR, in the former case with no permissions set, in the latter with the specified policy set).

drboyer, Jun 07 '17 20:06
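Because the RepositoryPermissionPolicy value described above is applied to every repository the stack watches, it is worth reviewing the document before passing it as the stack parameter. The following is an added example, not code from ecs-conex or from the issue author: `review_policy`, `_as_list` and the sample policy (including the account ID 111122223333) are constructed for illustration. It lists the AWS accounts a policy grants access to and flags wildcard grants.

```python
import json
import re

# Matches a bare 12-digit account ID or an IAM ARN that contains one.
ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")

# Constructed sample: pull-only access for one other (made-up) account.
SAMPLE_POLICY = """{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "AllowCrossAccountPull",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": ["ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage",
               "ecr:BatchCheckLayerAvailability"]
  }]
}"""

def _as_list(value):
    """IAM JSON lets most fields be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_policy(policy_text):
    """Return (accounts, findings) for a RepositoryPermissionPolicy value."""
    accounts, findings = set(), []
    if not policy_text or not policy_text.strip():
        return accounts, findings  # blank parameter: no policy is set
    try:
        doc = json.loads(policy_text)
    except json.JSONDecodeError as err:
        return accounts, [f"not valid JSON: {err.msg}"]
    if not isinstance(doc, dict):
        return accounts, ["policy must be a JSON object"]
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # Principal is either "*" or a map such as {"AWS": [...]}.
        values = _as_list(principal) if not isinstance(principal, dict) else [
            v for vs in principal.values() for v in _as_list(vs)]
        for value in values:
            if value == "*" and "Condition" not in stmt:
                findings.append(f"statement {i}: any principal allowed, no Condition")
            elif m := ACCOUNT_RE.match(str(value)):
                accounts.add(m.group(1))
        if any(a in ("*", "ecr:*") for a in _as_list(stmt.get("Action"))):
            findings.append(f"statement {i}: wildcard Action")
    return accounts, findings
```

An empty findings list with only the expected account IDs in the first return value is the result to look for before deploying the stack.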