Feature request: option to add lambda service for read permission

[martijnvdp]

Since lambda supports functions from container images , its needed to have an option to add :Service principals
lambda.amazonaws.com to the readonly policy

to prevent the error (which appears after some time)
Failed to restore the function function_name The function does not have permission to access the specified image.

[martijnvdp]

the readonly policy causes to override existing policies
hashicorp/terraform-provider-aws#3737