Deploy via AWS CDK #2479

Closed
wants to merge 27 commits into from

@jtherrmann jtherrmann commented Nov 1, 2024

This PR demonstrates that it's possible to deploy via AWS CDK without converting any of our existing CF templates. We still don't know whether it's feasible to then incrementally convert stacks/resources to CDK or add new CDK resources using this approach.

Also see https://asfdaac.atlassian.net/browse/TOOL-3274

TODO:

  • Confirm that creating a new deployment works
  • Confirm that deploying to an existing environment works
    • I was able to re-deploy via CDK to an existing cloudformation stack from my local terminal and everything seemed to work, but I haven't tested it via GitHub Actions
  • Confirm that converting an existing sub-stack to CDK works
  • Confirm that creating a new sub-stack via CDK works
  • Review contents of cdk.json (it was auto-generated via cdk init app --language python per the hello world tutorial so could probably be refined)
  • Update deployment docs (docs/deployments, README, enterprise deployment wiki article, etc.)
  • Changelog entry?

Notes:

For the GitHub Actions deployments, I created an IAM user with a policy allowing the following actions:

  • sts:AssumeRole for each role created as part of the bootstrapped CDKToolkit stack
  • s3:PutObject for the cf-templates bucket
  • ssm:GetParameters for all resources, which I think may be necessary for resolving the AmiId parameter of type AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> in main-cf.yml.j2

I didn't specifically search the AWS CDK docs to see if they document the recommended IAM policy to use for automated deployments.

Wrapping up:

  • Delete GitHub environment
  • Delete CloudFormation stack
  • Delete IAM user and policy

@jtherrmann jtherrmann added the bumpless Changes to documentation, CI/CD pipelines, etc that don't affect the project's version label Nov 1, 2024
@jtherrmann jtherrmann closed this Nov 1, 2024
@jtherrmann jtherrmann reopened this Nov 1, 2024
@jtherrmann jtherrmann closed this Nov 1, 2024
@jtherrmann jtherrmann deleted the cdk-sandbox branch November 1, 2024 02:26
@jtherrmann jtherrmann restored the cdk-sandbox branch November 1, 2024 02:26
@jtherrmann jtherrmann reopened this Nov 1, 2024
@jtherrmann jtherrmann closed this Nov 1, 2024
@jtherrmann jtherrmann reopened this Nov 1, 2024
@jtherrmann jtherrmann closed this Nov 1, 2024
@jtherrmann jtherrmann deleted the cdk-sandbox branch November 1, 2024 03:22
@jtherrmann jtherrmann restored the cdk-sandbox branch November 1, 2024 03:22
@jtherrmann jtherrmann closed this Nov 2, 2024
@jtherrmann jtherrmann deleted the cdk-sandbox branch November 2, 2024 03:03
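
The three IAM grants listed in the PR description's notes, written out as a policy document together with a check that flags statements left unscoped. This is an added example, not code from the PR or the project; the account id, region, bucket name and the use of CDK's default bootstrap qualifier `hnb659fds` in the role name pattern are assumptions.

```python
import json

# Assumptions (not from the PR): placeholder account id, region and bucket
# name, and CDK's default bootstrap qualifier in the role name pattern.
ACCOUNT = "111111111111"                 # placeholder account id
REGION = "us-west-2"                     # placeholder region
BUCKET = "EXAMPLE-cf-templates-bucket"   # placeholder bucket name
QUALIFIER = "hnb659fds"                  # CDK default bootstrap qualifier


def build_deploy_policy(account=ACCOUNT, region=REGION, bucket=BUCKET,
                        qualifier=QUALIFIER):
    """Return an IAM policy document with the three grants listed in the PR."""
    roles = f"arn:aws:iam::{account}:role/cdk-{qualifier}-*-role-{account}-{region}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # Only the roles created by the bootstrapped CDKToolkit stack.
            {"Sid": "AssumeCdkBootstrapRoles", "Effect": "Allow",
             "Action": "sts:AssumeRole", "Resource": roles},
            # Write-only access to objects in the templates bucket.
            {"Sid": "UploadTemplates", "Effect": "Allow",
             "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/*"},
            # As described in the PR: granted for all resources.
            {"Sid": "ResolveSsmParameters", "Effect": "Allow",
             "Action": "ssm:GetParameters", "Resource": "*"},
        ],
    }


def unscoped_statements(policy):
    """Return the Sids of Allow statements whose Resource is exactly '*'."""
    flagged = []
    for stmt in policy["Statement"]:
        resources = stmt["Resource"]
        if isinstance(resources, str):
            resources = [resources]
        if stmt["Effect"] == "Allow" and "*" in resources:
            flagged.append(stmt["Sid"])
    return flagged


if __name__ == "__main__":
    policy = build_deploy_policy()
    print(json.dumps(policy, indent=2))
    print("Statements to consider narrowing:", unscoped_statements(policy))
```

The check flags only the `ssm:GetParameters` statement, which is the one grant in the list that is not tied to a specific resource.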