add CloudTrail perms and improve EvironmentCreateForm (#1852)

Users that are not bootstrapping the environment AWS accounts with Admin
permissions will face #1839 because their bootstrap role is missing some
essential CloudTrail permissions that were introduced by #1811.

⚠️ All users that are using the custom `cdkExecPolicy.yaml` must
redownload it and then update the stack with

```
aws cloudformation --region asdasd create-stack --stack-name DataAllCustomCDKExecPolicyStack --template-body file://cdkExecPolicy.yaml --parameters ParameterKey=EnvironmentResourcePrefix,ParameterValue=dataall --capabilities CAPABILITY_NAMED_IAM
```

⚠️ Because of the policy split users must rerun `cdk bootstrap` in order
to include the second policy into the cdk-exec role

```
cdk bootstrap --trust $TRUST_ACCOUNT_ID -c @aws-cdk/core:newStyleStackSynthesis=true --cloudformation-execution-policies \
arn:aws:iam::$ACCOUNT_ID:policy/DataAllCustomCDKPolicy$REGION,\
arn:aws:iam::$ACCOUNT_ID:policy/DataAllCustomCDKPolicy-1-$REGION \
aws://$ACCOUNT_ID/$REGION
```

Improvements
* reflect inputs into the fields in the commands to make
copy/paste/execute easier
* split the named policies because we exceed the maximum length
* display the commands in code-like block

Demo
![Recording 2025-08-06 at 10 55
54](https://github.com/user-attachments/assets/1cf059c6-954c-4faa-b311-d6323a699472)



### Feature or Bugfix
- Bugfix

Resolve #1839

Author: petrkalos

deploy/cdk_exec_policy/cdkExecPolicy.yaml

@@ -113,6 +113,17 @@ Resources:
               - 'iam:*Role*'
             Resource: !Sub 'arn:${AWS::Partition}:iam::*:role/cdk-*'
 
+          - Sid: CloudTrail
+            Effect: Allow
+            Action:
+              - 'cloudtrail:DeleteTrail'
+              - 'cloudtrail:CreateTrail'
+              - 'cloudtrail:AddTags'
+              - 'cloudtrail:StartLogging'
+              - 'cloudtrail:PutEventSelectors'
+            Resource:
+              - !Sub 'arn:${AWS::Partition}:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail/dataall-environment-*'
+
           - !If 
             - DashboardsEnabledCondition
             - Sid: Quicksight
@@ -240,6 +251,18 @@ Resources:
                 - !Sub 'arn:${AWS::Partition}:sagemaker:${AWS::Region}:${AWS::AccountId}:notebook-instance/${EnvironmentResourcePrefix}*'
             - !Ref AWS::NoValue
 
+  CDKCustomExecutionPolicy1:
+    Type: 'AWS::IAM::ManagedPolicy'
+    Properties:
+      ManagedPolicyName: !Join
+        - ''
+        - - !Ref PolicyName
+          - '-1-'
+          - !Ref AWS::Region
+      PolicyDocument:
+        Version: 2012-10-17
+        Statement:
+
           - Sid: SSM
             Effect: Allow
             Action: