Perm updates

[ShawnN24]

• removed "Note: The pdf/ folder is automatically created when you upload files - no manual folder creation needed"
• added policies for deploy script
  • 1 for codebuild trust policies
  • 1 for pdf2html codebuild policies
  • 1 for pdf2pdf codebuild policies
  • 1 for deployer policies
• updated iam permission.md accordingly

[Copilot]

Pull request overview

This PR refactors and documents IAM permissions used by the deployment workflow, moving large inline policy documents out of deploy.sh into standalone JSON policy files and updating the permissions documentation accordingly.

Changes:

• Extracted CodeBuild trust + deployment identity policies into policies/*.json and updated deploy.sh to load them from disk.
• Added a standalone deployer (caller) policy document and updated docs/IAM_PERMISSIONS.md to reference these policy files.
• Minor README cleanup.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
README.md	Removes an upload note related to the pdf/ folder behavior.
deploy.sh	Loads trust/identity policies from policies/ instead of embedding JSON inline.
policies/codebuild-trust-policy.json	New CodeBuild service trust policy JSON.
policies/pdf2pdf-codebuild-policy.json	New PDF-to-PDF CodeBuild deployment identity policy JSON.
policies/pdf2html-codebuild-policy.json	New PDF-to-HTML CodeBuild deployment identity policy JSON.
policies/deploy-policy.json	New deployer (caller) identity policy JSON (reference policy for running deploy.sh).
docs/IAM_PERMISSIONS.md	Rewrites IAM permissions documentation to point to the new standalone policy files and clarifies runtime vs deployment permissions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.