
sap_vm_provision: feat: aws security enhancements #4

Merged: 5 commits, Apr 24, 2024

Conversation

marcelmamula (Contributor) commented Mar 13, 2024

This PR covers the following enhancements:
#1

  • no_log: "{{ __sap_vm_provision_no_log }}" to hide secrets in -vvv debug mode
  • access_key and secret_key were added directly into the AWS modules because of the point above
  • region was not added into the modules, because the Route53 module requires an extra parameter interpreter. Region is kept as an environment variable.

Additionally covered:

  • S-User password assignment in the var task is hidden with no_log: true
  • Platform guidance was updated with a detailed breakdown of IAM Actions as an additional option for IAM Policy setup to enhance security.

A rescue block was added for failed awscli calls.
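As an added example (not code from the sap_vm_provision collection, and every variable name in it is an assumption), here is the pattern the PR describes applied to one AWS task block: a hidden variable drives no_log, the AWS credentials are module arguments so the block-level no_log covers them, the region stays in the environment, the S-User password is assigned under an unconditional no_log: true, and a rescue task surfaces the error message that no_log would otherwise swallow:

```yaml
---
# Added example, not the sap_vm_provision collection's own code.
# Assumed (illustrative) names: __sap_vm_provision_no_log and the
# sap_vm_provision_aws_* variables may not match the collection's real names.
- name: Provision an AWS EC2 host without leaking secrets into -vvv output
  hosts: localhost
  gather_facts: false
  vars:
    # Set to false only for local debugging; true hides module args and
    # results (including access_key/secret_key) from verbose and failure output.
    __sap_vm_provision_no_log: true

  tasks:
    # Secret assignment in a var task: unconditional no_log: true, so the
    # password is never printed even when the hidden debug var is false.
    - name: Assign S-User password to a fact
      ansible.builtin.set_fact:
        __sap_vm_provision_suser_password: "{{ lookup('ansible.builtin.env', 'SAP_SUSER_PASSWORD') }}"
      no_log: true

    - name: AWS provisioning block (no_log controlled by the hidden var)
      block:
        - name: Create EC2 instance
          amazon.aws.ec2_instance:
            # Credentials as module args: covered by the block-level no_log.
            # An environment: mapping for them would still be shown by -vvv.
            access_key: "{{ sap_vm_provision_aws_access_key }}"
            secret_key: "{{ sap_vm_provision_aws_secret_key }}"
            name: "{{ sap_vm_provision_aws_host_name }}"
            image_id: "{{ sap_vm_provision_aws_ami_id }}"
            instance_type: "{{ sap_vm_provision_aws_instance_type }}"
            vpc_subnet_id: "{{ sap_vm_provision_aws_vpc_subnet_id }}"
            wait: true
            state: running
          register: __sap_vm_provision_aws_ec2_instance
          environment:
            # Region stays an environment variable, as the PR notes, because
            # the Route53 module in the same flow takes it differently.
            AWS_REGION: "{{ sap_vm_provision_aws_region }}"
      rescue:
        # Block-level no_log is inherited by rescue tasks, so this task
        # overrides it explicitly. It prints only the module's message, not
        # the full result, because the result carries the invocation args.
        - name: Report the failed AWS module call
          ansible.builtin.fail:
            msg: "AWS task '{{ ansible_failed_task.name }}' failed: {{ ansible_failed_result.msg | default('no message returned') }}"
          no_log: false
      no_log: "{{ __sap_vm_provision_no_log }}"
```

To check the effect, run the play with -vvv: the EC2 task's output should read that it has been hidden because no_log was specified, and a deliberately wrong secret_key should produce the rescue task's one-line message rather than the full censored result. Note that no_log only controls display; the registered __sap_vm_provision_aws_ec2_instance variable still holds the complete result, so a later ansible.builtin.debug of that variable would print it.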

sean-freeman (Member) commented Apr 13, 2024

@marcelmamula the change for the AWS Route53 DNS Record becomes a destructive action; therefore we will need to implement a new default variable sap_vm_provision_aws_private_dns_overwrite: false in this PR (use the common var name pattern _private_dns, because new vars have been requested for MS Azure Private DNS also).

Changes to the Env Var approach to avoid the use of no_log at the Ansible Task Block level will require re-work across all target Infrastructure Platforms and a re-test for all. This will take some time; only then can I accept the PR.

sean-freeman changed the title from "feat: aws security enhancements" to "sapfeat: aws security enhancements" on Apr 18, 2024
sean-freeman changed the title from "sapfeat: aws security enhancements" to "sap_vm_provision: feat: aws security enhancements" on Apr 18, 2024
sean-freeman (Member) commented Apr 20, 2024

@marcelmamula overwrite is only added to the provisioned host's DNS Record; it needs to be added to all amazon.aws.route53 Ansible Modules (including the commented-out code) in the execute_setup_ha.yml file also

EDIT: On second thoughts, please remove overwrite from this PR. Continue discussion in #2

sean-freeman (Member) commented

As discussed separately and agreed, this PR contains: the hidden debugging var added for no_log, the rename of task-registered vars, removal of the environment var and declaration of secrets as module args, and a new rescue block that will output errors (which no_log would otherwise hide). This open PR merges these changes first, and I will append another PR for the other infrastructure platforms.

lgtm 👍 Merge when ready

marcelmamula merged commit e360e3b into sap-linuxlab:dev on Apr 24, 2024
1 of 3 checks passed
marcelmamula deleted the aws-fixes branch on April 30, 2024 09:17