feat: Ssm paramater policy fix

[aaythapa]

Issue #, if available

#1112

Description of changes

The SSM parameter name can have a leading slash and not have one (as per the docs). Right now the SSMParamaeterReadPolicy doesn't account for names that have a leading slash. The resource arn is arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${parameterName} which adds an extra slash if the ${parameterName} has a leading slash. Can't change the policy directly as that would break compatibility. Added a new policy that customers can use when their parameter name has a leading slash.

Description of how you validated changes

Checklist

• Adheres to the development guidelines
• Add/update unit tests using:
  • Correct values
  • Bad/wrong values (None, empty, wrong type, length, etc.)
  • Intrinsic Functions
• Add/update integration tests
• Update documentation
• Verify transformed template deploys and application functions as expected
• Do these changes include any template validations?
  • Did the newly validated properties support intrinsics prior to adding the validations? (If unsure, please review Intrinsic Functions before proceeding).
    • Does the pull request ensure that intrinsics remain functional with the new validations?

Examples?

Please reach out in the comments, if you want to add an example. Examples will be
added to sam init through https://github.com/awslabs/aws-sam-cli-app-templates/

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[aaythapa]

Opened security consultation, waiting for approval

[aaythapa]

Got security approval

[xazhao]

Can we remove the extra slash if it is invalid?

[aaythapa]

Can we remove the extra slash if it is invalid?

Having a name with a slash and and without a slash are both valid so we need both policies