Add error handling to get_policy in systemsmanager__rce_ec2

[h00die]

Gracefully handle an access denied error when get_policy fails (AccessDenied), and give the user a suggestion on how to fix it. I left the original bubbled up error message in there as it gives additional context that could help a user debug, but felt the suggestion of manually setting an ip-name is a good tip (it got the module to run for me).

Pre

Pacu (example:example) > run systemsmanager__rce_ec2 --target-instances "i-11a11a1a111111a11" --command "whoami" --ip-name "arn:aws:iam::1111111111:example"
  Running module systemsmanager__rce_ec2...

[2024-05-17 17:26:06] Pacu encountered an error while running the previous command. Check /home/cb7192/.local/share/pacu/thomas/error_log.txt for technical details. [LOG LEVEL: MINIMAL]

    <class 'botocore.exceptions.ClientError'>: An error occurred (AccessDenied) when calling the GetPolicy operation: User: arn:aws:iam::999143725571:user/tomas_sysadmin is not authorized to perform: iam:GetPolicy on resource: policy arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM because no identity-based policy allows the iam:GetPolicy action

Post

Pacu (example:example) > run systemsmanager__rce_ec2 --target-instances "i-11a11a1a111111a11" --command "whoami" --ip-name "arn:aws:iam::1111111111:example"
  Running module systemsmanager__rce_ec2...

[systemsmanager__rce_ec2]   Unable to retrieve policy (arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM). Try specifying the ip-name manually. Error: An error occurred (AccessDenied) when calling the GetPolicy operation: User: arn:aws:iam::1111111111:example is not authorized to perform: iam:GetPolicy on resource: policy arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM because no identity-based policy allows the iam:GetPolicy action