feat(bootstrap): add resource-action-map for 57 CF resource types

Maps all CloudFormation resource types used by the ABCA stack to their
required IAM actions per lifecycle phase (create/read/update/delete).
Actions are sourced from CloudTrail-validated policies in DEPLOYMENT_ROLES.md.
Tests validate structure, format, and policy coverage (with known gaps
for SQS, S3 bucket lifecycle, and Lambda ESM/Layer actions documented).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: scottschreckengaust

cdk/src/bootstrap/preflight/index.ts

@@ -0,0 +1,25 @@
+/**
+ *  MIT No Attribution
+ *
+ *  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy of
+ *  the Software without restriction, including without limitation the rights to
+ *  use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ *  the Software, and to permit persons to whom the Software is furnished to do so.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ *  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ *  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ *  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ *  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ *  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ *  SOFTWARE.
+ */
+
+export {
+  RESOURCE_ACTION_MAP,
+  getActionsForResource,
+  getAllMappedActions,
+} from './resource-action-map';
+export type { ResourceActions } from './resource-action-map';