fix: surface correct errors for S3 HEAD in geo
What does this MR do?
This MR adds the s3:ListBucket permission to object storage buckets in the AWS reference architecture. This fixes an issue with permissions required to perform a HEAD request on s3. See AWS docs and Geo: Missing permission for s3 HEAD request cau... (#679 - closed) for more.
Notes:
- If there is a better way to determine if something is a geo-enabled deployment, I can do it that way.
- On the same note, if we simply want to enable HEAD requests to not 403, geo or otherwise, that would also be fine. I wanted to target specifically the situations where that behavior on HEAD requests causes an actual problem first, and expand out if we think it's useful, not overly permissive and/or less complicated that way.
- I'm adding it to dedicated here: https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/instrumentor/-/merge_requests/1699 (will vendor in this MR)
- I've not set a milestone since I'm not sure what I should set
Related issues
Closes #679 (closed)
Author's checklist
When ready for review, the Author applies the workflow::ready for review label and mentions @gl-quality/get-maintainers:
- Merge request:
  - Corresponding Issue raised and reviewed by the GET maintainers team.
  - Merge Request Title and Description are up-to-date, accurate, and descriptive
  - MR targeting the appropriate branch
  - MR has a green pipeline
  - MR has no new security alerts in the widget from the Secret Detection and IaC Scan (SAST) jobs.
- Code:
  - Check the area changed works as expected. Consider testing it in different environment sizes (1k,3k,10k,etc.).
  - Documentation created/updated in the same MR.
  - If this MR adds an optional configuration - check that all permutations continue to work.
  - For Terraform changes: set up a previous version environment, then run a terraform plan with your new changes and ensure nothing will be destroyed. If anything will be destroyed and this can't be avoided please add a comment to the current MR.
- Create any follow-up issue(s) to support the new feature across other supported cloud providers or advanced configurations. Create 1 issue for each provider/configuration. Contact the Quality Enablement team if unsure.
Edited by Andy Knight
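
The permission scoping behind this change, as an added example that is not the GET project's Terraform or the author's code: per the AWS HeadObject documentation, a HEAD on a missing key returns 404 only when s3:ListBucket is allowed on the bucket ARN, and 403 otherwise. The bucket name and the three policy documents are constructed for illustration, and the evaluator is a simplified model (Allow statements only, s3:GetObject assumed granted).

```python
from fnmatch import fnmatchcase

BUCKET = "example-geo-bucket"  # constructed name, not from the MR
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

def allow(actions, resource):
    return {"Effect": "Allow", "Action": actions, "Resource": resource}

# Constructed policies: object access only, ListBucket on the bucket ARN,
# and ListBucket mistakenly scoped to the object ARN pattern.
BEFORE = policy(allow(OBJECT_ACTIONS, f"arn:aws:s3:::{BUCKET}/*"))
AFTER = policy(allow(OBJECT_ACTIONS, f"arn:aws:s3:::{BUCKET}/*"),
               allow(["s3:ListBucket"], f"arn:aws:s3:::{BUCKET}"))
MISPLACED = policy(allow(OBJECT_ACTIONS + ["s3:ListBucket"],
                         f"arn:aws:s3:::{BUCKET}/*"))

def as_list(value):
    return value if isinstance(value, list) else [value]

def allows(doc, action, resource):
    """Simplified evaluation: Allow statements only, no Deny or Condition."""
    for stmt in as_list(doc["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r)
                           for r in as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            return True
    return False

def head_status_for_missing_key(doc, bucket):
    """Status for HEAD on a nonexistent key, assuming s3:GetObject is granted."""
    # s3:ListBucket is a bucket-level action, so it is checked against the
    # bucket ARN; a grant on "bucket/*" does not cover it.
    return 404 if allows(doc, "s3:ListBucket", f"arn:aws:s3:::{bucket}") else 403

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER), ("misplaced", MISPLACED)):
        print(name, head_status_for_missing_key(doc, BUCKET))
```

The MISPLACED case is the one to watch for in review: attaching s3:ListBucket to the object ARN pattern grants nothing useful and leaves the 403 in place.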