Specify exact role policies for codebuilds

[samhstn]

We currently just use the BuildRole role which has access to more resources than it needs.

We should follow the Grant Least Privilege best practice principle.

This would involve having 2 or 3 roles in ./infra/codebuild.yaml with finer grained permissions.