[services][terraform] Set up IAM for feature-flags service

Summary:
Sets up IAM for feature-flags service. Also this is example of how to set up IAM to give minimum required permissions to a service.

Created a role that:

• Can be assumed by EC2 instances and ECS tasks - basically they are allowed to use it
• Allows read operations on feature-flags DDB table

Depends on D8583

Test Plan: Tested together with next diff - they're live on AWS now.

Reviewers: tomek, michal, jon, varun

Reviewed By: jon

Subscribers: ashoat

Differential Revision: https://phab.comm.dev/D8635