
fix: Replace count with for_each in additional_many policy attachment #738

Open
gungoren wants to merge 3 commits into terraform-aws-modules:master from gungoren:fix/iam-policy-attachment-for-each

Conversation

@gungoren

Summary

  • Replaces count with for_each in aws_iam_role_policy_attachment.additional_many
  • Uses policy ARN as the stable for_each key instead of list index
  • Prevents unnecessary detach/reattach of all policies when one is removed from the front or middle of the list, which causes Lambda functions to temporarily lose access to external services during the destroy→attach cycle

Problem

When using count with a list of policy ARNs, Terraform tracks attachments by index. Removing any item other than the last causes all subsequent resources to be re-indexed, triggering a full detach of all policies followed by reattachment of the remaining ones. During this window, the Lambda function loses IAM permissions.

Solution

Switch to for_each with toset(var.policies), using the ARN itself as the stable key. This ensures Terraform only destroys the specific attachment being removed, leaving all others untouched.

Test plan

  • Apply with existing policies — verify no changes detected
  • Remove a policy from the front of the list — verify only that attachment is destroyed, others are untouched
  • Verify Lambda functions retain external service access during policy changes
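The index-versus-key behaviour described in the Problem and Solution sections, shown side by side as an added illustration (this is not the module's code or the PR's diff). The resource name `aws_iam_role_policy_attachment.additional_many` and the `var.policies` variable come from the PR description; the role reference `aws_iam_role.lambda`, the sample policy ARNs and the `moved` block are assumptions made for the example.

```hcl
# Added illustration, not the module's own code. aws_iam_role.lambda is an
# assumed name for the Lambda execution role.

variable "policies" {
  description = "Policy ARNs to attach to the Lambda execution role"
  type        = list(string)
  default = [
    # Constructed sample values (AWS-managed policy ARNs).
    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
    "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
  ]
}

# Before the change: instances are addressed by list index. Removing
# policies[0] shifts the second ARN to index 0, so Terraform plans to
# destroy both attachments and create one; between the destroy and the
# create the role carries no managed policies at all.
# Shown under a distinct name only for comparison; do not apply both
# resources against the same role.
resource "aws_iam_role_policy_attachment" "additional_many_by_index" {
  count = length(var.policies)

  role       = aws_iam_role.lambda.name
  policy_arn = var.policies[count.index]
}

# After the change: instances are addressed by the ARN itself. Removing an
# ARN destroys exactly the attachment keyed by that ARN; the others are
# not touched, so no permission gap opens.
resource "aws_iam_role_policy_attachment" "additional_many" {
  for_each = toset(var.policies)

  role       = aws_iam_role.lambda.name
  policy_arn = each.value
}

# Migrating existing state (assumed, not part of the PR): without a moved
# block or `terraform state mv`, the first apply after switching from count
# to for_each destroys every additional_many[N] instance and recreates it
# under its ARN key, which is the very detach/attach window the change is
# meant to remove. Addresses in moved blocks must be literal, so one block
# is needed per existing index.
moved {
  from = aws_iam_role_policy_attachment.additional_many[0]
  to   = aws_iam_role_policy_attachment.additional_many["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]
}
```

Two properties of `for_each = toset(var.policies)` are worth checking before adopting it: `toset` silently drops duplicate ARNs, and every key must be known at plan time, so a list containing the ARN of an `aws_iam_policy` created in the same apply fails with the "for_each value depends on resource attributes that cannot be determined until apply" error and needs a targeted apply or a separate step.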

… to prevent detach/reattach on list reorder

Signed-off-by: Mehmet Gungoren <mehgungoren@gmail.com>
@gungoren changed the title from "fix: replace count with for_each in additional_many policy attachment" to "fix: Replace count with for_each in additional_many policy attachment" on Mar 17, 2026
Signed-off-by: Mehmet Gungoren <mehgungoren@gmail.com>
…moval

Signed-off-by: Mehmet Gungoren <mehgungoren@gmail.com>