mdn/infra

Create S3 buckets and CloudFront configuration for Kuma attachments

Closed this issue · 1 comments

To support mdn/kuma#5998, we'll need the following configured for both Stage and Production

  • An S3 bucket for holding Kuma attachments (name doesn't matter; never seen externally)
    • Publicly readable (Just s3:GetObject).
    • IAM credentials granting write access to that bucket (should just need s3:PutObject, s3:PutObjectAcl, s3:GetObject, s3:GetObjectAcl, s3:DeleteObject, and s3:ListBucket)
  • A CloudFront CDN fronting that S3 bucket (domain name should be something reasonable for MDN visitors to see when viewing an attachment directly)

For now, buckets should mirror Kuma's media/attachments folder, which is currently stored in EFS. (Object names in the S3 bucket should take the form of attachments/YYYY/MM/DD/HASH/filename.ext, matching their current on-disk path). Or at least, that's what it looks like in our local development setup. The path might be different on our production infrastructure.

At some point in the near future, we will cut everything over to S3, stop mirroring, and delete the EFS data.

Assigning to @limed. We still have a few things to resolve in the pull request, so this is not urgent.
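
The permissions requested above, written out as policy documents together with a check that the public side grants nothing beyond s3:GetObject. This is an added example, not part of the issue or of the mdn/infra repository; the bucket name is a placeholder and `anonymous_excess` is a hypothetical helper.

```python
import json

BUCKET = "example-kuma-attachments-stage"  # placeholder name (assumption)
# Object-level actions listed in the issue for the writer credentials.
OBJECT_ACTIONS = ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject",
                  "s3:GetObjectAcl", "s3:DeleteObject"]

def public_read_policy(bucket):
    """Bucket policy: anyone may read objects, and nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def writer_policy(bucket):
    """IAM policy for the uploader. s3:ListBucket is a bucket-level action,
    so it targets the bucket ARN; the object actions target bucket/*."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "Objects", "Effect": "Allow", "Action": OBJECT_ACTIONS,
         "Resource": f"arn:aws:s3:::{bucket}/*"},
        {"Sid": "List", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": f"arn:aws:s3:::{bucket}"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def anonymous_excess(policy, allowed=frozenset({"s3:GetObject"})):
    """Return actions an Allow statement grants to anonymous principals
    beyond `allowed`. Wildcards such as s3:* count as excess."""
    excess = set()
    for stmt in _as_list(policy["Statement"]):
        principal = stmt.get("Principal")
        anon = principal == "*" or (
            isinstance(principal, dict)
            and "*" in _as_list(principal.get("AWS", [])))
        if stmt.get("Effect") == "Allow" and anon:
            excess |= {a for a in _as_list(stmt.get("Action", []))
                       if a not in allowed}
    return sorted(excess)

if __name__ == "__main__":
    print(json.dumps(public_read_policy(BUCKET), indent=2))
    print(json.dumps(writer_policy(BUCKET), indent=2))
    # Constructed misconfiguration: public statement that also allows writes.
    bad = public_read_policy(BUCKET)
    bad["Statement"][0]["Action"] = ["s3:GetObject", "s3:PutObject"]
    print("excess public actions:", anonymous_excess(bad))
```
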

limed commented

PR #346 creates all resources requested in comment 1. The CDN will likely have the following DNS names:

  • media.stage.mdn.mozit.cloud
  • media.prod.mdn.mozit.cloud
  • attachments.stage.mdn.mozit.cloud
  • attachments.prod.mdn.mozit.cloud