
Feature proposal: IAM role splicing

Open taschmidt opened this issue 2 years ago • 0 comments

This is a Feature Proposal

Description

There are many AWS service integrations that can be utilized from step functions (AWS claims over 200). Some are arguably more common than others. On a project I'm working on currently, I want to make an API call to one of the less common services, MediaLive.

My options currently:

  1. Write a whole new IAM role like the docs suggest. Not only does this add a large amount of bloat to my resources block simply to add a single permission but it also carries with it the tedious task of keeping the lambda:InvokeFunction array up to date.
  2. Go through the process of submitting a PR specifically adding this niche permission to the already unwieldy switch statement here.

Instead, I would propose a more flexible and future-proof extension point to allow arbitrary permissions to be added to the IAM role this lib creates.

Similar to the behavior in another plugin I already use extensively, serverless-iam-roles-per-function, an iamRoleStatements prop could be added at the root of a step function which contains just the additional statements needed, like this:

```yaml
stepFunctions:
  validate: true
  stateMachines:
    hello:
      iamRoleStatements:
        - Effect: Allow
          Action:
            - medialive:StopChannel
          Resource:
            - arn:aws:medialive:*:*:*
      definition:
        ...
```

I can take a stab at a PR but I think it could be as simple as concatenating the value of iamRoleStatements to the array right after this line.

taschmidt, Aug 01 '22 22:08
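As an added example (not code from the serverless-step-functions plugin or from the issue author), here is one way the proposed merge could look in the plugin's own language. It takes the statements the plugin already generates for a state machine (the `lambda:InvokeFunction` statement below is a constructed sample), validates each user-supplied `iamRoleStatements` entry, and concatenates the two. Function names, the role and policy names, the account ID and the Lambda ARNs are assumptions; the MediaLive statement is the one from the proposal. The one check beyond plain concatenation is a refusal of an `Allow` statement that is a full wildcard on both `Action` and `Resource`, since an extension point that is meant to add a single niche permission should not silently turn the role into an admin role.

```javascript
// Added example: merging a state machine's `iamRoleStatements` into the
// IAM policy the plugin generates. Hypothetical names throughout; this is
// not the plugin's code.

const ALLOWED_EFFECTS = new Set(['Allow', 'Deny']);

// IAM accepts a string or a list for Action and Resource; normalise to a list.
function toArray(value) {
  return Array.isArray(value) ? value : [value];
}

function isNonEmptyString(value) {
  return typeof value === 'string' && value.length > 0;
}

// Validate and normalise one user-supplied statement. Throws on malformed
// input so a typo in serverless.yml fails at package time, not at run time.
function normalizeStatement(stmt, index) {
  const where = `iamRoleStatements[${index}]`;
  if (stmt === null || typeof stmt !== 'object' || Array.isArray(stmt)) {
    throw new Error(`${where} must be an object`);
  }
  if (!ALLOWED_EFFECTS.has(stmt.Effect)) {
    throw new Error(`${where}.Effect must be "Allow" or "Deny"`);
  }
  if (stmt.Action === undefined || stmt.Resource === undefined) {
    throw new Error(`${where} needs both Action and Resource`);
  }
  const action = toArray(stmt.Action);
  const resource = toArray(stmt.Resource);
  if (!action.every(isNonEmptyString) || !resource.every(isNonEmptyString)) {
    throw new Error(`${where}: Action and Resource entries must be non-empty strings`);
  }
  // Guard rail: an Allow on "*" for "*" is an admin grant, not a niche permission.
  if (stmt.Effect === 'Allow' && action.includes('*') && resource.includes('*')) {
    throw new Error(`${where}: refusing Allow on Action "*" with Resource "*"`);
  }
  const normalized = { Effect: stmt.Effect, Action: action, Resource: resource };
  if (stmt.Condition !== undefined) normalized.Condition = stmt.Condition;
  return normalized;
}

// The proposed extension point: generated statements first, user statements after.
function mergeIamRoleStatements(generated, extra = []) {
  if (!Array.isArray(extra)) {
    throw new Error('iamRoleStatements must be a list of IAM statements');
  }
  return generated.concat(extra.map(normalizeStatement));
}

// Constructed sample of what the plugin already emits for a machine that
// invokes two Lambda functions (account ID and function names are made up).
const generatedStatements = [
  {
    Effect: 'Allow',
    Action: ['lambda:InvokeFunction'],
    Resource: [
      'arn:aws:lambda:us-east-1:123456789012:function:hello-step-one',
      'arn:aws:lambda:us-east-1:123456789012:function:hello-step-two',
    ],
  },
];

// The `hello` state machine's config from the proposal, as the plugin would see it.
const stateMachineConfig = {
  iamRoleStatements: [
    { Effect: 'Allow', Action: ['medialive:StopChannel'], Resource: ['arn:aws:medialive:*:*:*'] },
  ],
};

// Assemble the inline policy that would go on the generated role (hypothetical name).
function buildRolePolicy(generated, config) {
  return {
    PolicyName: 'dev-hello-statemachine',
    PolicyDocument: {
      Version: '2012-10-17',
      Statement: mergeIamRoleStatements(generated, config.iamRoleStatements),
    },
  };
}

console.log(JSON.stringify(buildRolePolicy(generatedStatements, stateMachineConfig), null, 2));
```

Because the user statements are simply appended, an explicit `Deny` supplied through `iamRoleStatements` still wins over the generated `Allow`, which is the normal IAM evaluation order and is the behaviour a practitioner would expect from this extension point.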