storage-service
Automatically test that our deletion canary can't be deleted
For testing our delete permissions, we have a "deletion canary" in the root of all the storage service buckets. When you want to check the delete permissions are working correctly, you can try deleting this file:
- if the delete is denied, then the permissions are okay
- if the delete is allowed, then the permissions are broken, but we haven't deleted the permanent archive
It might be useful to have a tool that tries to delete it on a schedule (or checks this using something like an IAM Policy Evaluator), and sends us an alert if the delete is allowed, so we know something's gone wrong.
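One shape the scheduled check could take, as an added example that is not part of the original issue or the storage-service code base. It attempts the delete in each bucket and alerts on anything other than a denial, including errors that leave the result unknown. The bucket names, canary key and alert callback are hypothetical, and it assumes a blocked delete surfaces as the S3 `AccessDenied` error code.

```python
import sys
from dataclasses import dataclass

# Assumption: a DeleteObject call blocked by policy fails with this S3 error code.
DENIED_CODES = {"AccessDenied"}

@dataclass
class CanaryResult:
    bucket: str
    status: str  # "denied" (permissions okay), "allowed" or "inconclusive"
    detail: str

def check_canary(s3, bucket, key):
    """Try to delete the canary in one bucket and classify what happened."""
    try:
        s3.delete_object(Bucket=bucket, Key=key)
    except Exception as exc:
        # botocore's ClientError carries the service error code in .response
        resp = getattr(exc, "response", None)
        code = resp.get("Error", {}).get("Code") if isinstance(resp, dict) else None
        if code in DENIED_CODES:
            return CanaryResult(bucket, "denied", "delete refused")
        # Timeouts, throttling, a missing bucket: nothing was proved either way,
        # so this must not be reported as "permissions okay".
        return CanaryResult(bucket, "inconclusive", f"{type(exc).__name__}: {code or exc}")
    return CanaryResult(bucket, "allowed", "delete succeeded; restore the canary")

def run_checks(s3, buckets, key, alert):
    """Check every bucket; call alert(message) for anything except a denial."""
    results = [check_canary(s3, bucket, key) for bucket in buckets]
    for r in results:
        if r.status != "denied":
            alert(f"deletion canary check, {r.bucket}: {r.status} ({r.detail})")
    return results

if __name__ == "__main__":
    import boto3  # imported here so the functions above load without it

    # Hypothetical bucket names and canary key; substitute the real ones.
    buckets = ["example-storage-primary", "example-storage-replica"]
    outcome = run_checks(boto3.client("s3"), buckets, "deletion_canary.txt",
                         lambda msg: print(msg, file=sys.stderr))
    sys.exit(0 if all(r.status == "denied" for r in outcome) else 1)
```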