I think it's worth locking down the policies long term. Looks better in any security reviews and discussions with customers. The Okta Auth secret does this:
resources=[
    # Secrets named okta-oidc-client-creds-<anything>, any region, this account only
    f"arn:aws:secretsmanager:*:{account_id}:secret:okta-oidc-client-creds-*",
    # Exact dotted name; note Secrets Manager appends "-XXXXXX" to every secret ARN
    f"arn:aws:secretsmanager:*:{account_id}:secret:okta-oidc-client-creds.*.posit.team",
    # Same dotted name with a trailing wildcard, which also covers the appended suffix
    f"arn:aws:secretsmanager:*:{account_id}:secret:okta-oidc-client-creds.*.posit.team*",
],
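As an added illustration (not part of the comment above or the project's code), the small IAM wildcard matcher below uses a constructed account id and constructed secret names to show which of the three resource patterns actually match a Secrets Manager ARN once AWS has appended its random six-character suffix to the secret name:

```python
import re

# Constructed placeholder account id; the patterns mirror the policy in the comment above.
ACCOUNT_ID = "123456789012"
RESOURCES = [
    f"arn:aws:secretsmanager:*:{ACCOUNT_ID}:secret:okta-oidc-client-creds-*",
    f"arn:aws:secretsmanager:*:{ACCOUNT_ID}:secret:okta-oidc-client-creds.*.posit.team",
    f"arn:aws:secretsmanager:*:{ACCOUNT_ID}:secret:okta-oidc-client-creds.*.posit.team*",
]


def arn_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate an IAM resource pattern: '*' matches any run of characters, '?' exactly one."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def secret_arn(name: str, region: str = "us-east-1", account: str = ACCOUNT_ID,
               suffix: str = "AbCdEf") -> str:
    """Build a Secrets Manager ARN; AWS appends '-' plus six random characters to the name."""
    return f"arn:aws:secretsmanager:{region}:{account}:secret:{name}-{suffix}"


def matching_patterns(arn: str, patterns=RESOURCES) -> list:
    """Return the policy patterns (in order) that would grant access to this ARN."""
    return [p for p in patterns if arn_pattern_to_regex(p).fullmatch(arn)]


if __name__ == "__main__":
    # Constructed secret names exercising each pattern.
    for name in ("okta-oidc-client-creds-prod", "okta-oidc-client-creds.dev.posit.team", "other-secret"):
        print(name, "->", matching_patterns(secret_arn(name)))
```

Because of the appended suffix, the second pattern (no trailing wildcard) never matches a real secret ARN; the third pattern is what grants access to the dotted names, and a secret in another account matches nothing.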