Fix CI pipeline and upgrade GRIT usage

Primarily this MR fixes the pipeline by replacing a couple of GitLab CI tokens:

  • Terraform backend state to use the built-in CI token
  • E2E tests to use a new token with reduced scopes

Closes CI fails, Manifest is not updated (#16 - closed)

While we're here, a bit of maintenance:

  • Replace the deprecated gandalf IaC SAST runner with the official iac-sast GitLab component (and remove the token for the other one).
  • Allow each image stage to run in parallel, removing resource groups and separating environment names.
  • Use latest GRIT modules via terraform git:: module references. It's not pretty, but removes the need to have a separate download step.
    • Arguably, updating GRIT and grit-images simultaneously could cause some inconsistencies here if GRIT HEAD is updated mid-pipeline. Given the MR traffic on each project, this is very unlikely.

A few notes while working on these changes:

  • We're overusing environments in CI jobs. They are only necessary for controlling deployments with remote state, e.g. e2e jobs. Building AMIs and publishing them don't really need environment definitions.
  • The e2e tests largely duplicate the existing GRIT e2e AWS tests. It might be less maintenance to have a downstream project pipeline to run the e2e tests instead.
Edited by Joe Shaw