Validate that SMTP Brokerpak handles multi-tenancy

[jameshochadel]

The existing deployment(s) of the SMTP brokerpak mentioned in #2988 were designed for use by single customers who run the Cloud Service Broker as a Supplemental Service Broker, brokering services to one organization only. Our CSB deployment will be available to all customers, so we must make sure the provisioning & binding code creates resources scoped to the tenant that created them.

Acceptance Criteria:

• Validate that binding credentials have access to only one SES identity and document the reasoning or results

[jameshochadel]

Per AWS, a user cannot send to an identity without an IAM policy or Sending Authorization Policy that allows it. The brokerpak implements this with an IAM policy, which includes a Resource constraint with the ARN of their identity and configuration set. This prevents cross-identity, and therefore cross-tenant, access.