aws-samples/aws-real-user-monitoring-amplifyapps

Improvement: amplify function custom policies

dreamorosi opened this issue · 0 comments

The custom-policies.json file under amplify/backend/function/cfncustomfn currently requires the user to manually edit the policy to place region & account ID, as well as the Amplify environment & project name.

We could remove some friction by updating the policy like this:

[
  {
    "Action": [
      "rum:GetAppMonitor"
    ],
    "Resource": [
      {
        "Fn::Sub": "arn:aws:rum:${AWS::Region}:${AWS::AccountId}:appmonitor/*"
      }
    ]
  }
]

This would use the Region & Account ID from the CloudFormation Stack, and allow access to all AppMonitor resources in the account and region. This is an acceptable tradeoff given that the function is executed only during deployment.
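To make the tradeoff concrete, the following added example (not code from this repository or from Amplify) renders the proposed statement the way CloudFormation would, substituting the `AWS::Region` and `AWS::AccountId` pseudo-parameters, and lints a custom-policies.json for the hand-edited values the issue wants to avoid (hard-coded account IDs and regions) as well as fully wildcarded actions or resources. The pseudo-parameter values, the hard-coded contrast policy, and the account ID `123456789012` are constructed sample values.

```python
import json
import re

# Constructed sample: the statement proposed in the issue, using Fn::Sub pseudo-parameters.
PROPOSED_POLICY = json.dumps([
    {
        "Action": ["rum:GetAppMonitor"],
        "Resource": [
            {"Fn::Sub": "arn:aws:rum:${AWS::Region}:${AWS::AccountId}:appmonitor/*"}
        ],
    }
])

# Constructed contrast: the manually edited form (sample region and a made-up account ID).
HARDCODED_POLICY = json.dumps([
    {
        "Action": ["rum:GetAppMonitor"],
        "Resource": ["arn:aws:rum:us-east-1:123456789012:appmonitor/*"],
    }
])

# Assumed values CloudFormation would supply for one particular deployment.
SAMPLE_PARAMS = {"AWS::Partition": "aws", "AWS::Region": "eu-west-1", "AWS::AccountId": "111122223333"}

# ARN layout: arn:partition:service:region:account:resource
_ACCOUNT_RE = re.compile(r"^arn:[^:]*:[^:]*:[^:]*:(\d{12}):")
_REGION_RE = re.compile(r"^arn:[^:]*:[^:]*:([a-z]{2}-[a-z]+-\d):")
_SUB_VAR_RE = re.compile(r"\$\{([^}]+)\}")


def _template_of(entry):
    """Return (template, extra_vars) for a plain string or an Fn::Sub entry (string or list form)."""
    if isinstance(entry, str):
        return entry, {}
    if isinstance(entry, dict) and "Fn::Sub" in entry:
        sub = entry["Fn::Sub"]
        return (sub, {}) if isinstance(sub, str) else (sub[0], sub[1])
    raise ValueError(f"unsupported resource entry: {entry!r}")


def resolve_sub(entry, params):
    """Expand ${Var} placeholders the way Fn::Sub does; unknown variables are an error, not silently kept."""
    template, extra = _template_of(entry)
    variables = {**params, **extra}

    def repl(match):
        name = match.group(1)
        if name not in variables:
            raise KeyError(f"unresolved Fn::Sub variable: {name}")
        return str(variables[name])

    return _SUB_VAR_RE.sub(repl, template)


def render_policy(policy_text, params):
    """Concrete resource ARNs per statement, as CloudFormation would produce them for these params."""
    return [[resolve_sub(r, params) for r in stmt.get("Resource", [])]
            for stmt in json.loads(policy_text)]


def lint_policy(policy_text):
    """Flag hard-coded account IDs / regions (even inside an Fn::Sub template) and bare wildcards."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_text)):
        for action in stmt.get("Action", []):
            if action == "*":
                findings.append(f"statement {i}: action '*' grants every API")
        for res in stmt.get("Resource", []):
            template, _ = _template_of(res)
            if template == "*":
                findings.append(f"statement {i}: resource '*' applies to every resource")
                continue
            # Mask ${...} tokens so a templated region/account is not mistaken for a literal one.
            masked = _SUB_VAR_RE.sub("VAR", template)
            if _ACCOUNT_RE.match(masked):
                findings.append(f"statement {i}: hard-coded account ID in {template}")
            if _REGION_RE.match(masked):
                findings.append(f"statement {i}: hard-coded region in {template}")
    return findings


if __name__ == "__main__":
    print("rendered:", render_policy(PROPOSED_POLICY, SAMPLE_PARAMS))
    print("proposed findings:", lint_policy(PROPOSED_POLICY))
    print("hard-coded findings:", lint_policy(HARDCODED_POLICY))
```

Running the linter against the proposed policy yields no findings, while the hand-edited form is flagged twice (account ID and region), which is the friction the Fn::Sub version removes; the `appmonitor/*` suffix is deliberately not flagged, since scoping to all app monitors in one account and region is the tradeoff the issue accepts.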