[services-lib] Add fn to verify services token
Summary:
This diff adds logic to access and verify service-to-service token held in AWS secrets manager.
AWS uses "tags" to version secrets. The current version of the secret is tagged AWSCURRENT. Previous version from before rotation is tagged with AWSPREVIOUS.
Depends on D9277
Test Plan:
- Verified that the secret is accessible.
- Validation logic works for token with tag AWSCURRENT (set in terraform, also set by default in AWS).
- Rotated the secret (changed manually so last_rotated() replaced with last_changed()) and verified the old token is invalid.
- Increased the protection period to 1 hour and verified that the old token is still valid.
Reviewers: varun, michal, jon
Reviewed By: varun, michal
Subscribers: ashoat, tomek
Differential Revision: https://phab.comm.dev/D9279