[services][terraform] Introduce S3 backend
Closed, Public

Authored by bartek on Jul 31 2023, 1:38 AM.
Details

Summary

Part of ENG-3549. This diff sets up Terraform to use the S3 backend, located on the Terraform/Infra AWS account in the commapp-terraform bucket.
Logged in to that account, the AWS provider 'assumes role' on the target (staging/prod) accounts in order to perform actions.

The following steps were taken:

  1. Created a new S3 bucket commapp-terraform in the Terraform/Infra AWS account
  2. Set up appropriate permissions to access the bucket
  3. Both staging and prod accounts have a Terraform IAM role, assumable by the Terraform/Infra account
  4. Set up the code in this diff.
  5. Logged in to the Terraform/Infra account with CLI and ran terraform init -migrate-state to copy local state to S3.

Depends on D8667

Test Plan
  1. Logged in to the Terraform/Infra AWS account with AWS CLI
  2. Cleared local files and dirs: terraform.tfstate, .terraform/, .terraform.tfstate.d/
  3. Ran terraform init and terraform workspace select production. They succeeded.
  4. Ran terraform plan - it succeeded and showed the changes that would be applied.
  5. Entered S3 console and verified that the state files were last updated during the tf apply.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable
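
A sketch of the setup the summary describes, added here as an illustration and not taken from the diff itself: state lives in the commapp-terraform bucket, and the AWS provider assumes a per-account role chosen by workspace. The object key, region, account IDs, role name and the "staging" workspace name are assumptions or placeholders; only the bucket name and the "production" workspace appear on this page.

```hcl
# Added example, not the project's code. Values marked "assumed" or
# "placeholder" do not come from the revision.

terraform {
  backend "s3" {
    bucket  = "commapp-terraform" # bucket named in the summary
    key     = "terraform.tfstate" # assumed object key
    region  = "us-east-1"         # assumed region
    encrypt = true                # state can contain secrets; encrypt at rest

    # The backend authenticates with the caller's own credentials
    # (the Terraform/Infra account session), not with the role assumed
    # by the provider below. Non-default workspaces are stored under
    # "env:/<workspace>/<key>" unless workspace_key_prefix is set.
  }
}

locals {
  # Placeholder account IDs, one entry per workspace.
  target_account_ids = {
    staging    = "111111111111"
    production = "222222222222"
  }
}

provider "aws" {
  region = "us-east-1" # assumed region

  # Starting from the Terraform/Infra account session, assume the
  # Terraform role in the account that matches the selected workspace.
  # The map lookup fails for any workspace not listed (including
  # "default"), so a plan cannot run against an unintended account.
  assume_role {
    role_arn     = "arn:aws:iam::${local.target_account_ids[terraform.workspace]}:role/Terraform" # assumed role name
    session_name = "terraform-${terraform.workspace}"
  }
}
```

Because the backend and the provider authenticate separately, the bucket permissions only need to cover principals in the Terraform/Infra account, while the roles in the staging and prod accounts need a trust policy that names that account.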