aws-solutions/content-analysis-on-aws

Investigate required steps to get CAS working with MIE CMK

brandold opened this issue · 1 comment

MIE has added a stack level CMK that encrypts all services. CAS needs to be able to work with this key.

  1. Need to add "kms:Decrypt" permissions to consumer lambda
  2. Need to add "kms:Encrypt" and "kms:GenerateDataKey" to federated IAM roles
  3. Need to adjust MIE DDB stream lambda IAM role to have "kms:Decrypt" permission in addition to generate data key
  4. Need to add parameter in both CF stacks for retrieving the MIE KMS Key ARN
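A pre-deployment check for the permissions listed in the issue, added here as an example and not code from the CAS or MIE projects. It reads each role's IAM policy document and reports which required KMS actions are not allowed on the stack key, and which are allowed only through a wildcard `Resource`. The role labels, key ARN and sample policies are constructed assumptions.

```python
from fnmatch import fnmatchcase

# KMS actions each role needs, as listed in the issue. Role labels are hypothetical.
REQUIRED = {
    "consumer_lambda": {"kms:Decrypt"},
    "federated_role": {"kms:Encrypt", "kms:GenerateDataKey"},
    "ddb_stream_lambda": {"kms:Decrypt", "kms:GenerateDataKey"},
}
# Constructed key ARN standing in for the MIE KMS Key ARN stack parameter.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_role(role, policy, key_arn):
    """Return (missing actions, warnings) for one role's identity policy.
    Simplified: only Allow/Action/Resource are read; Deny, NotAction and
    Condition are ignored."""
    missing, warnings = set(REQUIRED[role]), []
    for stmt in _as_list(policy.get("Statement", [])):
        resources = _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or not any(fnmatchcase(key_arn, r) for r in resources):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        covered = {a for a in missing if any(fnmatchcase(a.lower(), p) for p in patterns)}
        if covered and key_arn not in resources:
            warnings.append(f"{role}: {sorted(covered)} allowed through a wildcard Resource")
        missing -= covered
    return sorted(missing), warnings

def audit(policies, key_arn=KEY_ARN):
    """Check every role in REQUIRED; a role with no policy reports all actions missing."""
    return {role: check_role(role, policies.get(role, {}), key_arn) for role in REQUIRED}

def _allow(actions, resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource}]}

# Constructed sample policies, not taken from the CAS or MIE templates.
SAMPLE = {
    "consumer_lambda": _allow("kms:Decrypt", KEY_ARN),
    "federated_role": _allow(["kms:Encrypt"], KEY_ARN),  # GenerateDataKey missing
    "ddb_stream_lambda": _allow(["kms:GenerateDataKey", "kms:Decrypt"], "*"),
}

if __name__ == "__main__":
    for role, (missing, warnings) in audit(SAMPLE).items():
        print(role, "missing:", missing, "warnings:", warnings)
```

The wildcard warning flags statements that would work with the CMK but also grant the same actions on every other key in the account.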